Windows Analysis Report
Canvas of Kings_N6xC-S2.exe

Overview

General Information

Sample name: Canvas of Kings_N6xC-S2.exe
Analysis ID: 1580374
MD5: af45bc08a07f1ba16abe59f29072ebcc
SHA1: 66edea40ba7b38a45bd856e6889bba12384c458f
SHA256: e555c06879ed4eda6277e1fa8a4985590e70d8fa81421103048803e386daaf28
Tags: exeuser-zach
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 48
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if browser processes are running
Checks if the current machine is a virtual machine (disk enumeration)
Contain functionality to detect virtual machines
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to infect the boot sector
Creates an undocumented autostart registry key
Found stalling execution ending in API Sleep call
Modifies the windows firewall
Possible COM Object hijacking
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Writes many files with high entropy
Yara detected QueryWinSAT ClassID
AV process strings found (often used to terminate AV products)
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
PE file overlay found
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

  • System is w10x64
  • Canvas of Kings_N6xC-S2.exe (PID: 6796 cmdline: "C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" MD5: AF45BC08A07F1BA16ABE59F29072EBCC)
    • Canvas of Kings_N6xC-S2.tmp (PID: 6836 cmdline: "C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$20416,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" MD5: 49312C19FA9B298CA2AE71E14F07CCF3)
      • saBSI.exe (PID: 3844 cmdline: "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
      • avg_antivirus_free_setup.exe (PID: 6032 cmdline: "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ MD5: 26816AF65F2A3F1C61FB44C682510C97)
        • avg_antivirus_free_online_setup.exe (PID: 2124 cmdline: "C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:729de4ae-763f-4df7-a043-5659222e822a /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941 MD5: 6EBB043BC04784DBC6DF3F4C52391CD0)
          • icarus.exe (PID: 7032 cmdline: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941 /track-guid:729de4ae-763f-4df7-a043-5659222e822a MD5: A1FFFE3E9589CCFE629EB653F704A659)
      • norton_secure_browser_setup.exe (PID: 2724 cmdline: "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
        • NortonBrowserUpdateSetup.exe (PID: 1544 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
          • NortonBrowserUpdate.exe (PID: 3060 cmdline: "C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5268 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 1184 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 1344 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping [...] MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5824 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{CC011AE7-AAE5-4543-84DB-E4D48135833D}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
      • netsh.exe (PID: 3164 cmdline: "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe "qBittorrent" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • qbittorrent.exe (PID: 4900 cmdline: "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77 MD5: 22A34900ADA67EAD7E634EB693BD3095)
      • WerFault.exe (PID: 4444 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 6752 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 4336 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6196 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 3344 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6836 -ip 6836 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6744 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6836 -ip 6836 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • NortonBrowserUpdate.exe (PID: 7084 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 2448 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserCrashHandler.exe (PID: 5576 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe" MD5: 1694092D5DE0E0DAEF4C5EA13EA84CAB)
    • NortonBrowserCrashHandler64.exe (PID: 5544 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe" MD5: 09621280025727AB4CB39BD6F6B2C69E)
  • NortonBrowserUpdate.exe (PID: 4856 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 1856 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 6188 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 2312 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • NortonBrowserUpdate.exe (PID: 2908 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\GUTC558.tmp | PlugXStrings | PlugX Identifying Strings | Seth Hardy | $Dwork: D:\work (matched at multiple offsets)
Source | Rule | Description | Author | Strings
00000001.00000003.2233964889.0000000000734000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_QueryWinSATClassID | Yara detected QueryWinSAT ClassID | Joe Security |
00000001.00000003.2233909651.0000000000734000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_QueryWinSATClassID | Yara detected QueryWinSAT ClassID | Joe Security |
Process Memory Space: Canvas of Kings_N6xC-S2.tmp PID: 6836 | JoeSecurity_QueryWinSATClassID | Yara detected QueryWinSAT ClassID | Joe Security |
Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1544 | PlugXStrings | PlugX Identifying Strings | Seth Hardy | $Dwork: D:\work (matched at multiple offsets)

        System Summary

        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4336, ProcessName: svchost.exe

        AV Detection

        Source: Canvas of Kings_N6xC-S2.exeAvira: detected
        Source: Canvas of Kings_N6xC-S2.exeReversingLabs: Detection: 18%
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00085870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00085870
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00086220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00086220
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000867B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_000867B0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_0047B0E0 CryptDestroyHash,CryptDestroyHash,6_2_0047B0E0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00479250 CryptGenRandom,GetLastError,__CxxThrowException@8,6_2_00479250
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_004782F0 CryptDestroyHash,6_2_004782F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00479450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,6_2_00479450
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00478DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,6_2_00478DC0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00479020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_00479020
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00478260 CryptDestroyHash,6_2_00478260
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00479340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_00479340
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_004794D0 CryptHashData,GetLastError,__CxxThrowException@8,6_2_004794D0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00492660 CryptReleaseContext,6_2_00492660
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00478EF0 CryptReleaseContext,6_2_00478EF0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF1617F LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,7_2_6AF1617F
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008309E0 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_008309E0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007FDF30 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,8_2_007FDF30
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_0e0360d0-9

        Compliance

        Source: Canvas of Kings_N6xC-S2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: Canvas of Kings_N6xC-S2.exeStatic PE information: certificate valid
        Source: Canvas of Kings_N6xC-S2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042E1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000307F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003720000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003630000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004399000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027F5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002614000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000040AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003525000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042D5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003742000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025DB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002692000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004353000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000438D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000000.2308794053.0000000000493000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2921459091.0000000000493000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2978405681.000000006F6F6000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2279002766.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025C0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000271A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042BE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000041A1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000039A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000002E82000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000365E000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2393333564.0000000001546000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000000.2413429268.0000000000098000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036D2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004265000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000002.2924855060.00000000006FF000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000282D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2976316348.000000006AE2E000.00000002.00000001.01000000.00000014.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000436A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002776000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000028CB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003B2B000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000043BB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002817000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025E6000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2976705531.000000006AE63000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2977983655.000000006B0C2000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036FF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000041E6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003653000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004270000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002687000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002800000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000043A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004196000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003602000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042ED000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002659000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036F4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004287000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002754000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042F8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000000.2362106863.00000000008B4000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2929833021.00000000008B4000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000368C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004303000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000041DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003648000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003736000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004214000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036C6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004259000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000363C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025D0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004174000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002822000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026F9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Windows\System32\msiexec.exeFile opened: z:
        Source: C:\Windows\System32\msiexec.exeFile opened: x:
        Source: C:\Windows\System32\msiexec.exeFile opened: v:
        Source: C:\Windows\System32\msiexec.exeFile opened: t:
        Source: C:\Windows\System32\msiexec.exeFile opened: r:
        Source: C:\Windows\System32\msiexec.exeFile opened: p:
        Source: C:\Windows\System32\msiexec.exeFile opened: n:
        Source: C:\Windows\System32\msiexec.exeFile opened: l:
        Source: C:\Windows\System32\msiexec.exeFile opened: j:
        Source: C:\Windows\System32\msiexec.exeFile opened: h:
        Source: C:\Windows\System32\msiexec.exeFile opened: f:
        Source: C:\Windows\System32\msiexec.exeFile opened: b:
        Source: C:\Windows\System32\msiexec.exeFile opened: y:
        Source: C:\Windows\System32\msiexec.exeFile opened: w:
        Source: C:\Windows\System32\msiexec.exeFile opened: u:
        Source: C:\Windows\System32\msiexec.exeFile opened: s:
        Source: C:\Windows\System32\msiexec.exeFile opened: q:
        Source: C:\Windows\System32\msiexec.exeFile opened: o:
        Source: C:\Windows\System32\msiexec.exeFile opened: m:
        Source: C:\Windows\System32\msiexec.exeFile opened: k:
        Source: C:\Windows\System32\msiexec.exeFile opened: i:
        Source: C:\Windows\System32\msiexec.exeFile opened: g:
        Source: C:\Windows\System32\msiexec.exeFile opened: e:
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile opened: c:
        Source: C:\Windows\System32\msiexec.exeFile opened: a:
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B7010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,7_2_6B0B7010
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007F6F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_007F6F60
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007EE180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_007EE180
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007F4590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_007F4590
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00820AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00820AC0
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp
        Source: Joe Sandbox ViewIP Address: 34.160.176.28 34.160.176.28
        Source: Joe Sandbox ViewIP Address: 34.117.223.223 34.117.223.223
        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
        Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
        Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49756 -> 44.228.210.164:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49763 -> 44.228.210.164:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49755 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49762 -> 65.9.108.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49772 -> 65.9.108.105:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49794 -> 65.9.108.105:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49792 -> 34.117.223.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49786 -> 44.228.210.164:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49783 -> 34.117.223.223:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49846 -> 104.20.86.8:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49845 -> 44.228.210.164:443
        Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49907 -> 34.117.223.223:443
        Source: global trafficHTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 128Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 289Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 379Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 369Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 377Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 367Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 319Host: d3ben4sjdmrs9v.cloudfront.net
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B91E0 lstrlenW,HttpQueryInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrlenW,CreateFileW,GetLastError,InternetReadFile,lstrcpynA,WriteFile,InternetReadFile,GetLastError,InternetQueryOptionW,InternetQueryOptionW,InternetQueryOptionW,wsprintfW,GetLastError,MultiByteToWideChar,GetLastError,wsprintfW,GlobalFree,CloseHandle,DeleteFileW,7_2_6B0B91E0
        Source: global trafficHTTP traffic detected: GET /f/AVG_AV/images/1509/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: GET /f/NORTON_BRW/images/1494/547x280/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: GET /f/AVG_AV/files/1319/avg.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: GET /f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B080202C6-0391-4360-89E1-C3B86776D125%7D&osversion=10.0&servicepack= HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Google Update/1.8.1649.5;winhttpX-Last-HR: 0x0X-Last-HTTP-Status-Code: 0X-Retry-Count: 0X-HTTP-Attempts: 1Host: update.norton.securebrowser.com
        Source: global trafficHTTP traffic detected: GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B080202C6-0391-4360-89E1-C3B86776D125%7D&osversion=10.0&servicepack= HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Google Update/1.8.1649.5;winhttpX-Old-UID: age=-1; cnt=0X-Last-HR: 0x0X-Last-HTTP-Status-Code: 0X-Retry-Count: 0X-HTTP-Attempts: 1Host: update.norton.securebrowser.com
        Source: global trafficHTTP traffic detected: GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_edi=15&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av&p_ram=8191&p_vbd=9725&p_vep=24&p_ves=12&p_vre=2390&repoid=release& HTTP/1.1Host: shepherd.avcdn.netUser-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0Accept: */*Accept-Encoding: deflate, gzip
        Source: global trafficHTTP traffic detected: GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av-vps&p_ram=8191&p_vbd=2402&p_vep=24&p_ves=12&p_vre=8785&repoid=release& HTTP/1.1Host: shepherd.avcdn.netUser-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0Accept: */*Accept-Encoding: deflate, gzip
        Source: global traffic, DNS traffic detected: DNS query: d3ben4sjdmrs9v.cloudfront.net
        Source: global traffic, DNS traffic detected: DNS query: analytics.apis.mcafee.com
        Source: global traffic, DNS traffic detected: DNS query: v7event.stats.avast.com
        Source: global traffic, DNS traffic detected: DNS query: honzik.avcdn.net
        Source: global traffic, DNS traffic detected: DNS query: sadownload.mcafee.com
        Source: global traffic, DNS traffic detected: DNS query: analytics.avcdn.net
        Source: global traffic, DNS traffic detected: DNS query: stats.securebrowser.com
        Source: global traffic, DNS traffic detected: DNS query: update.norton.securebrowser.com
        Source: global traffic, DNS traffic detected: DNS query: cdn-update.norton.securebrowser.com
        Source: global traffic, DNS traffic detected: DNS query: shepherd.avcdn.net
        Source: unknownHTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 128Host: d3ben4sjdmrs9v.cloudfront.net
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 11:06:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-powered-by: Expresscontent-security-policy: default-src 'none'x-content-type-options: nosniffcf-cache-status: DYNAMICServer: cloudflareCF-RAY: 8f701f5e08dc4258-EWR
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 11:06:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-powered-by: Expresscontent-security-policy: default-src 'none'x-content-type-options: nosniffcf-cache-status: DYNAMICServer: cloudflareCF-RAY: 8f701f6b1d60c329-EWR
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dContent-EncodingHTTP/1.0deflate:
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://bugreports.qt.io/
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://bugreports.qt.io/1_q_preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator
        Source: saBSI.exe, saBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2279002766.000000000012E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
        Source: saBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx:
        Source: saBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxb
        Source: saBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxv
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
        Source: svchost.exe, 0000000C.00000002.2976152871.0000022F67C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000819000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.00000000046E0000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002687000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003630000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BEE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.0000000004706000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412311308.0000000004A2B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: NortonBrowserUpdate.exe, 00000012.00000002.2492111577.0000000001495000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000819000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.00000000046E0000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002687000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036FF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003630000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
        Source: avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BEE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
        Source: avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BEE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67F07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
        Source: avg_antivirus_free_setup.exe, 00000006.00000000.2308794053.0000000000493000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2921459091.0000000000493000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000000.2338313762.000000000040A000.00000008.00000001.01000000.0000000F.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000819000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.00000000046E0000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 
00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.00000000046E0000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.0000000004706000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412311308.0000000004A2B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E7C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 
00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412311308.0000000004A2B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2975944804.0000000004A2C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004ED9000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2973825907.0000000004706000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412179424.0000000004A21000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2921730208.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2412311308.0000000004A2B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2307998102.0000000004ECB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004EBE000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306878132.0000000004ED3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337088518.0000000004EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSORE
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004E77000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2277783422.0000000004E8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipure_browser_setup.zip
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2277783422.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2747353590.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337317835.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004E77000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2308120511.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2433556335.0000000004E8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png.
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2277783422.0000000004E44000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004E43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.png4FqjuMlqeXqa53IPQ
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1674680368.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.2755978022.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2751722372.0000000007466000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2742327506.0000000002420000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1681931594.0000000003460000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2744532528.00000000034AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/o
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1674680368.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.2755978022.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2747353590.0000000004E9E000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306878132.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004EBE000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2742327506.0000000002420000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2742327506.000000000254A000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1681931594.0000000003460000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2433556335.0000000004E9A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2745827697.00000000035CE000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2744532528.00000000034AC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2431828115.0000000004EDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbd
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbd.tmp
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2431828115.0000000004EDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbdR
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306878132.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004EBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbddl-
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.00000000008D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
        Source: qbittorrent.exe, 0000000B.00000002.2994444060.0000000001647000.00000004.00000001.01000000.00000018.sdmpString found in binary or memory: https://download.db-ip.com/free/dbip-country-lite-%1.mmdb.gz
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefoxextension.avast.com/aos/update.json
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67EC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67EC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67EA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67EC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.com
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763417695.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
        Source: avg_antivirus_free_setup.exe, 00000006.00000003.2360032414.0000000004BE2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2486968413.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2749131788.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2569408847.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2622976283.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2580970462.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2569408847.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/6m
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2749131788.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/Y
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2390745818.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2390745818.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2412880620.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2412180856.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406771349.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406445183.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzma
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2749131788.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/fmO
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2749131788.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/nmW
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
        Source: avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
        Source: avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeO
        Source: avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exed-?t$
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2622976283.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8b56c3
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2406445183.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/48c1/d01f/6234/48c1d01f6234e7c129b31a0c2388de0f102f718721fedf18edb
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf3414b79
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/aa90/1643/995c/aa901643995c786c0598ce59c6edc19d0202ef4a3a8a0cb0c1a
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/e9e9/a93a/90fd/e9e9a93a90fdacb5677472fbfeb58dfcea5047e1d044cae69fe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f6c2/9c47/0a75/f6c29c470a756f71f14ad40453e27aa8e141bd3443b84483c73
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2412880620.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2412180856.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406771349.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406445183.00000000006BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/vm?
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.0000000000647000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/defs/avg-av/release.xml.lzma
        Source: avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/setup/avg-av/release/avg_antivirus_free_online_setup.exe
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.0000000000647000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/e9e9/a93a/90fd/e9e9a93a90fdacb5677472fbfeb58dfcea5047e1d044cae
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.0000000000647000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/f6c2/9c47/0a75/f6c29c470a756f71f14ad40453e27aa8e141bd3443b8448
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avg.com
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avg.com
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000000.1674279002.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
        Source: norton_secure_browser_setup.exe, 00000007.00000003.2374354528.0000000003E66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67EC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
        Source: svchost.exe, 0000000C.00000003.2398013421.0000022F67E72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failed
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763329826.000000000092E000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764181804.0000000000934000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.c
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2745537272.0000000003572000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.761/updatefile.json
        Source: saBSI.exe, 00000005.00000003.2538412417.0000000002901000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
        Source: saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/J
        Source: saBSI.exe, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/
        Source: saBSI.exe, 00000005.00000003.2380332434.0000000002906000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2380009561.0000000002906000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2538412417.0000000002901000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2379943913.0000000002902000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
        Source: saBSI.exe, 00000005.00000003.2493478584.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2379943913.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2380332434.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2538412417.0000000002922000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
        Source: saBSI.exe, 00000005.00000003.2380332434.0000000002906000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2380009561.0000000002906000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2538412417.0000000002901000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2379943913.0000000002902000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
0000000D.00000003.2424217205.0000000003630000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036C6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003B2B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2751722372.0000000007471000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/leg
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2751722372.00000000074D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2431828115.0000000004EBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/2.tmp
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2431828115.0000000004EBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/A
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2751722372.0000000007561000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/p
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2751722372.0000000007561000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/pr
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2751722372.00000000074D8000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764863031.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2308120511.0000000004E2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763572224.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764863031.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.00000000008B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763572224.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764863031.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.00000000008B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers=)X
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764336975.0000000000919000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764336975.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763572224.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764863031.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.00000000008B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763417695.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763417695.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy9
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1680500669.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe, Code function: 7_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

        E-Banking Fraud

        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe, Code function: lstrcpyW,lstrcpyW,lstrcmpW,lstrcpyW,lstrlenW,lstrcpyW,GetFileAttributesW,CreateFileW,GetFileSize,GlobalAlloc,ReadFile,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,GlobalFree,CloseHandle,StrStrW,StrStrW,StrStrW,StrStrW,GlobalAlloc,lstrcpynW,GlobalFree,CloseHandle,GlobalFree, \SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml 7_2_6AE22050

        Spam, unwanted Advertisements and Ransom Demands

        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0 (copy), entropy: 7.99597518735
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1 (copy), entropy: 7.99668482326
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2 (copy), entropy: 7.99994992874
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0.zip (copy), entropy: 7.99597518735
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1.zip (copy), entropy: 7.99668482326
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2.zip (copy), entropy: 7.99994992874
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe, File created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\installer.exe, entropy: 7.99774389448
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\38c5c893-8e0d-4032-96a7-5f0fdffaba37, entropy: 7.99982131586
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\484d38e6-6bc7-41bd-bb9d-2e557c63a54e, entropy: 7.99990414125
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\e5752873-542b-4414-940a-117ab556e630, entropy: 7.99866005103
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\setupui.cont, entropy: 7.99945456192
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\10460286-666d-43b7-924e-404997778a2c, entropy: 7.99949886139
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\7cc1ae5c-206b-4137-94e9-860f31962ff3, entropy: 7.9999260316
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\9c8a6547-ee3b-45b9-a388-ae4a211904c1, entropy: 7.99995124837
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe, File created: C:\Users\user\AppData\Local\Temp\{01288569-79D1-4166-8789-EAD05C40E973}-NortonBrowserInstaller.exe, entropy: 7.99993981636
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\setupui.cont, entropy: 7.99945456192
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\icarus_product.dll.lzma, entropy: 7.99946367131
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\icarus_rvrt.exe.lzma, entropy: 7.99325569022
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus_rvrt.exe.lzma, entropy: 7.99325569022
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe, File created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus_product.dll.lzma, entropy: 7.99990334673

        System Summary

        Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1544, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
        Source: C:\Program Files (x86)\GUTC558.tmp, type: DROPPED, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, Code function: 8_2_007CC610 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, Code function: 8_2_007CFDD0 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe, Code function: 8_2_007CC6D0 NtQueryInformationProcess
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe, Code function: 5_2_00086220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe, Code function: 7_2_6B0B9B40 GetFileAttributesW,CloseHandle,lstrlenW,lstrlenW,lstrlenW,GetFileAttributesW,CloseHandle,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrlenW,lstrcpyW,lstrcpyW,WTSGetActiveConsoleSessionId,CloseHandle,LoadLibraryW,LoadLibraryW,CloseHandle,LoadLibraryW,CloseHandle,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,DuplicateTokenEx,GetTokenInformation,GetTokenInformation,GetTokenInformation,CloseHandle,CreateProcessAsUserW,CloseHandle,CloseHandle,ShellExecuteExW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,AllowSetForegroundWindow,GlobalFree,CloseHandle,CloseHandle
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe, Code function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Windows\System32\svchost.exe, File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe, File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\6ff020.msi
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIF178.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\6ff023.msi
        Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\6ff023.msi
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_0047EDE06_2_0047EDE0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_0048CE7E6_2_0048CE7E
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_004866E46_2_004866E4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00406B647_2_00406B64
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE2C7717_2_6AE2C771
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5DAF17_2_6AE5DAF1
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5D20E7_2_6AE5D20E
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE492197_2_6AE49219
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5C3CA7_2_6AE5C3CA
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE420FA7_2_6AE420FA
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5D82A7_2_6AE5D82A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE446E27_2_6AE446E2
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4C78B7_2_6AE4C78B
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4E7907_2_6AE4E790
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE41C867_2_6AE41C86
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5A47D7_2_6AE5A47D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4944B7_2_6AE4944B
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5DDAC7_2_6AE5DDAC
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5D5807_2_6AE5D580
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5A59D7_2_6AE5A59D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE58D2E7_2_6AE58D2E
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AEC6AF07_2_6AEC6AF0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE9E75B7_2_6AE9E75B
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AEBA44A7_2_6AEBA44A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF7B3B07_2_6AF7B3B0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE9336A7_2_6AE9336A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFB80C97_2_6AFB80C9
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE95A597_2_6AE95A59
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE95B9D7_2_6AE95B9D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE958F97_2_6AE958F9
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE9DEEF7_2_6AE9DEEF
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AEC1EF47_2_6AEC1EF4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE99C747_2_6AE99C74
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE95DC17_2_6AE95DC1
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF1D38B7_2_6AF1D38B
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE993277_2_6AE99327
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFE91407_2_6AFE9140
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFA552D7_2_6AFA552D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B97307_2_6B0B9730
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6F6F2F077_2_6F6F2F07
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008302B08_2_008302B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008223208_2_00822320
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008085208_2_00808520
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008269508_2_00826950
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00828DF08_2_00828DF0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0080B4508_2_0080B450
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008197B08_2_008197B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008218608_2_00821860
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008479B08_2_008479B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007DF9108_2_007DF910
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0088A0908_2_0088A090
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008180B08_2_008180B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0088C0408_2_0088C040
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007BE1708_2_007BE170
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007F81208_2_007F8120
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C21008_2_007C2100
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0080A1308_2_0080A130
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007DA1B08_2_007DA1B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007AC2608_2_007AC260
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0086A2008_2_0086A200
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0088221D8_2_0088221D
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008462408_2_00846240
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007FE2A08_2_007FE2A0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008964838_2_00896483
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C04608_2_007C0460
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008A04A98_2_008A04A9
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008784568_2_00878456
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0086C4708_2_0086C470
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008825AB8_2_008825AB
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C25808_2_007C2580
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0080A7E08_2_0080A7E0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008468108_2_00846810
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007AC8808_2_007AC880
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008249C08_2_008249C0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007E29108_2_007E2910
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008769408_2_00876940
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007E8B408_2_007E8B40
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007BEB308_2_007BEB30
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007CAB108_2_007CAB10
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C2BC08_2_007C2BC0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007AAC008_2_007AAC00
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C4CB08_2_007C4CB0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00812DF08_2_00812DF0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008510908_2_00851090
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007A10008_2_007A1000
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007BD0008_2_007BD000
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007E10B08_2_007E10B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C35108_2_007C3510
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008716308_2_00871630
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008496508_2_00849650
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008957E48_2_008957E4
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0086F8008_2_0086F800
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0086D8408_2_0086D840
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0082D9008_2_0082D900
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007FB9B08_2_007FB9B0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007BDB408_2_007BDB40
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00869B408_2_00869B40
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007EBCD08_2_007EBCD0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007C5CA08_2_007C5CA0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00869EB08_2_00869EB0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007EFED08_2_007EFED0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0081BF108_2_0081BF10
        Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6836 -ip 6836
        Source: Canvas of Kings_N6xC-S2.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: installer.exe.5.dr Static PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 23003272 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 845 datablocks, 0x1 compression
        Source: sciterui.dll.7.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Source: goopdateres_th.dll.13.dr Static PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
        Source: goopdateres_tr.dll.13.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
        Source: goopdateres_vi.dll.13.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
        Source: goopdateres_ca.dll.13.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
        Source: goopdateres_fil.dll.13.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
        Source: goopdateres_hu.dll.13.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
        Source: goopdateres_ms.dll.13.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
        Source: goopdateres_ca.dll.14.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
        Source: goopdateres_fil.dll.14.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
        Source: goopdateres_hu.dll.14.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: norton_secure_browser_setup.exe.1.dr Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: sciterui.dll.7.dr Static PE information: No import functions for PE file found
        Source: installer.exe.5.dr Static PE information: Data appended to the last section found
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000000.1674377089.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
        Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.2755978022.0000000002328000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs Canvas of Kings_N6xC-S2.exe
        Source: Canvas of Kings_N6xC-S2.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1544, type: MEMORYSTR Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
        Source: C:\Program Files (x86)\GUTC558.tmp, type: DROPPED Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Key value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
        Source: qbittorrent.exe.1.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
        Source: classification engine Classification label: mal64.rans.bank.troj.spyw.evad.winEXE@62/279@26/7
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AF1A11E __EH_prolog3_catch_GS,__EH_prolog3_catch_GS,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,GetShellWindow,GetWindowThreadProcessId,OpenProcess,GetLastError,GetShellWindow,GetProcessId,OpenProcessToken,GetLastError,DuplicateTokenEx,GetLastError,CreateProcessWithTokenW,GetLastError,GetLastError
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: 8_2_007CFF60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: 6_2_004752F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00074C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00075C1E CoCreateInstance,OleRun
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00095318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe Mutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/roaming/qbittorrent/lockfile
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe Mutant created: NULL
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Mutant created: \Sessions\1\BaseNamedObjects\{2c958236-012f-4348-b699-6519aeb48f99}Installer
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Mutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
        Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6836
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Mutant created: \Sessions\1\BaseNamedObjects\Global\{2c958236-012f-4348-b699-6519aeb48f99}Installer
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{B5665124-2B19-40e2-A7BC-B44321E72C4B}
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6572:120:WilError_03
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\2c95dc9cb28705905cc7377bb410fd9f
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe File created: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: /silent 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: /cookie 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: /ppi_icd 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: /cust_ini 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: Enabled 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxyType 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: Port 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: User 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: Password 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: ProxySettings 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: Properties 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: /smbupd 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: enable 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: mirror 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: count 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: servers 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: urlpgm 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: server0 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: http:// 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: https:// 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: allow_fallback 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: mirror 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: installer.exe 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: {versionSwitch} 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: stable 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: %s\%s 6_2_004752F0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Command line argument: X>I 6_2_004752F0
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe File read: C:\Windows\System32\drivers\etc\hosts
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: SELECT ((visits.visit_time/1000000)-11644473600) AS vtime FROM 'visits' ORDER BY vtime DESC LIMIT 1;
        Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: SELECT last_visit_date / 1000000 AS vtime FROM 'moz_places' ORDER BY vtime DESC LIMIT 1;
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
        Source: Canvas of Kings_N6xC-S2.exe ReversingLabs: Detection: 18%
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe File read: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe
        Source: unknown Process created: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe "C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Process created: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp "C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$20416,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Process created: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:729de4ae-763f-4df7-a043-5659222e822a /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
        Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77
        Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe Process created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
        Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
        Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6836 -ip 6836
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
        Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
        Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
        Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{CC011AE7-AAE5-4543-84DB-E4D48135833D}" /silent
        Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
        Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6836 -ip 6836
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Process created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941 /track-guid:729de4ae-763f-4df7-a043-5659222e822a
        Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516
        Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: netapi32.dll
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: netapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: rstrtmgr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: msimg32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: oleacc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winhttpcom.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: webio.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: msftedit.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.globalization.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: bcp47langs.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: bcp47mrm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: globinputhost.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dhcpcsvc6.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dataexchange.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: d3d11.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dcomp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dxgi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: twinapi.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windowscodecs.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: explorerframe.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: sxs.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: zipfldr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: edputil.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.fileexplorer.common.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: shdocvw.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: appresolver.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: slc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: sppc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: onecorecommonproxystub.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: onecoreuapcommonproxystub.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: acgenral.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: samcli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: msacm32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: aclayers.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: sfc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: sfc_os.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: webio.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: dhcpcsvc6.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: netprofm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: npmproxy.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: webio.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: oleacc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: wininet.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: secur32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: windows.fileexplorer.common.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: ieframe.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: netapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: wkscli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: mlang.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Section loaded: ncryptsslp.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: version.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: windows.storage.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: wldp.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: profapi.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: cryptsp.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: rsaenh.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: cryptbase.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: dpapi.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: winhttp.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: mswsock.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: iphlpapi.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: winnsi.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: dhcpcsvc6.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: dhcpcsvc.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: webio.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: sspicli.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: dnsapi.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: rasadhlp.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: fwpuclnt.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: schannel.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: mskeyprotect.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ntasn1.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ncrypt.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ncryptsslp.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: msasn1.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: gpapi.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dll
        Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: powrprof.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: dbghelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: netapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: umpdc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: d3d9.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: d3d10warp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: dataexchange.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: d3d11.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: dcomp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: dxgi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: twinapi.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: dwrite.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeSection loaded: wintypes.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeSection loaded: apphelp.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wldp.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: msi.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: netapi32.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: userenv.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: msimg32.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wininet.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wkscli.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: netutils.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: msasn1.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: profapi.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: cscapi.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: msxml3.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: apphelp.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: taskschd.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: sspicli.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: textinputframework.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: coreuicomponents.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: propsys.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: edputil.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: urlmon.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: iertutil.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: srvcli.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: appresolver.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: slc.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: sppc.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
        Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe | File written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Window found: window name: TSelectLanguageForm
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Automated click: OK
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Automated click: Accept
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Automated click: Accept
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Automated click: Accept
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | Automated click: Run
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: Canvas of Kings_N6xC-S2.exe | Static PE information: certificate valid
        Source: Canvas of Kings_N6xC-S2.exe | Static file information: File size 14472984 > 1048576
        Source: Canvas of Kings_N6xC-S2.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042E1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003676000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000307F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000379E000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003720000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003630000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004399000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027F5000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002614000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000040AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003525000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042D5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003742000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025DB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002692000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004353000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000438D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000000.2308794053.0000000000493000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2921459091.0000000000493000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2978405681.000000006F6F6000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2279002766.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025C0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000271A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042BE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000041A1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000039A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000002E82000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004242000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000365E000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2393333564.0000000001546000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000000.2413429268.0000000000098000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000276B000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026AA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036D2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004265000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000002.2924855060.00000000006FF000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.000000000282D000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2976316348.000000006AE2E000.00000002.00000001.01000000.00000014.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000436A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.000000000431A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002776000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000028CB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000030BB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003B2B000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000043BB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002817000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025E6000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2976705531.000000006AE63000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2977983655.000000006B0C2000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036FF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027BB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000041E6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003653000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004270000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003793000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002687000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002800000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000043A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp
        Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004196000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003602000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042ED000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002704000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002659000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036F4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004287000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002754000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000042F8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000000.2362106863.00000000008B4000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2929833021.00000000008B4000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000368C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004303000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.00000000041DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003648000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.0000000003736000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004214000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000036C6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004259000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.000000000363C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000025D0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000004174000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000027A4000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.0000000002822000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2416089670.00000000026F9000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2424217205.00000000031FA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2419925376.0000000003D50000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_000B2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError, 5_2_000B2B30
        Source: Canvas of Kings_N6xC-S2.exeStatic PE information: section name: .didata
        Source: Canvas of Kings_N6xC-S2.tmp.0.drStatic PE information: section name: .didata
        Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmetad
        Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmimed
        Source: saBSI.exe.1.drStatic PE information: section name: .didat
        Source: avg_antivirus_free_setup.exe.1.drStatic PE information: section name: .didat
        Source: installer.exe.5.drStatic PE information: section name: _RDATA
        Source: avg_antivirus_free_online_setup.exe.6.drStatic PE information: section name: .didat
        Source: dump_process.exe.8.drStatic PE information: section name: .didat
        Source: dump_process.exe.8.drStatic PE information: section name: _RDATA
        Source: bug_report.exe.8.drStatic PE information: section name: _RDATA
        Source: icarus.exe.8.drStatic PE information: section name: .didat
        Source: icarus.exe.8.drStatic PE information: section name: _RDATA
        Source: icarus_ui.exe.8.drStatic PE information: section name: _RDATA
        Source: NortonBrowserUpdateComRegisterShell64.exe.13.drStatic PE information: section name: _RDATA
        Source: acuapi_64.dll.13.drStatic PE information: section name: _RDATA
        Source: psmachine.dll.13.drStatic PE information: section name: .orpc
        Source: psmachine_64.dll.13.drStatic PE information: section name: .orpc
        Source: psmachine_64.dll.13.drStatic PE information: section name: _RDATA
        Source: psuser.dll.13.drStatic PE information: section name: .orpc
        Source: psuser_64.dll.13.drStatic PE information: section name: .orpc
        Source: psuser_64.dll.13.drStatic PE information: section name: _RDATA
        Source: NortonBrowserCrashHandler64.exe.13.drStatic PE information: section name: _RDATA
        Source: NortonBrowserCrashHandler64.exe.14.drStatic PE information: section name: _RDATA
        Source: NortonBrowserUpdateComRegisterShell64.exe.14.drStatic PE information: section name: _RDATA
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_000E8DDB push ecx; ret 5_2_000E8DEE
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00117CFD push ecx; ret 5_2_00117D12
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: 6_2_00481396 push ecx; ret 6_2_004813A9
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AE267F6 push ecx; ret 7_2_6AE26809
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AE5F466 push ecx; ret 7_2_6AE5F479
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AF06B10 push ecx; ret 7_2_6AF06B23
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AF069B6 push ecx; ret 7_2_6AF069C9
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AEB66B5 push ss; retf 7_2_6AEB66B6
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AEBF5F6 push esi; ret 7_2_6AEBF605
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: 8_2_00855A4C push ecx; ret 8_2_00855A5F

        Persistence and Installation Behavior

        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 6_2_0047A100
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_0084C0E0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 8_2_0084BAA0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_0084BD80
        Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
        Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{93d643dc-f504-42e2-ae1c-14b2e116db0c}\inprocserver32
        Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\installer.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_en.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_lv.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_gu.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_th.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_zh-TW.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ru.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_fa.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_lt.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_de.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_el.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_is.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_bg.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_mr.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ar.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_hu.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\AccessControl.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\_isetup\_setup64.tmpJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_pt-BR.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\psuser_64.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ko.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_sl.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_pl.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus_product.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_uk.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_es.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_fr.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ro.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_te.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_nl.dllJump to dropped file
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus_ui.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_sw.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ta.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\jsisdl.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\acuapi_64.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\zbShieldUtils.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\psmachine.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_es-419.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_zh-CN.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_sr.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_it.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\psuser.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_vi.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_id.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_pt-PT.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_tr.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_hi.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\Midex.dllJump to dropped file
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus_mod.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ms.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\acuapi.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_sk.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\dump_process.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\icarus.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\sciterui.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\thirdparty.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\bug_report.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_sv.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\dump_process.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\{01288569-79D1-4166-8789-EAD05C40E973}-NortonBrowserInstaller.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\jsis.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\icarus_rvrt.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdate.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\npNortonBrowserUpdate3.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_fi.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\dump_process.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\bug_report.exeJump to dropped file
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeFile created: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_no.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ml.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_kn.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ur.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\JsisPlugins.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_da.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateCore.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_bn.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\inetc.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\nsJSON.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus_rvrt.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\reboot.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_iw.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ca.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\psmachine_64.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ja.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus_ui.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\StdUtils.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_et.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_am.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_fil.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserCrashHandler64.exeJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\bug_report.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_cs.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserCrashHandler.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\icarus_product.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_en-GB.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMC557.tmp\goopdateres_hr.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_004752F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_004752F0

        Boot Survival

        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 6_2_0047A100
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_0084C0E0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 8_2_0084BAA0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_0084BD80
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000A0540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,5_2_000A0540
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
        Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: VBoxService.exe VBoxService.exe \VMware\VMware Tools \VMware\VMware Tools QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual BOCHS VBOX PRLS 7_2_6B0C0B40
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: VBoxService.exe VBoxService.exe 7_2_6B0C1840
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,7_2_6B0C0B40
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeStalling execution: Execution stalls by calling Sleep
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeSystem information queried: FirmwareTableInformation
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeSystem information queried: FirmwareTableInformation
        Source: norton_secure_browser_setup.exeBinary or memory string: DIR_WATCH.DLL
        Source: norton_secure_browser_setup.exeBinary or memory string: JOEBOXSERVER.EXE
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST%/ASWHOOK.DLL</DEST>
        Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.2978218899.000000006B0CC000.00000004.00000001.01000000.00000010.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: norton_secure_browser_setup.exeBinary or memory string: SBIEDLL.DLL
        Source: norton_secure_browser_setup.exeBinary or memory string: API_LOG.DLL
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
        Source: norton_secure_browser_setup.exeBinary or memory string: SNIFF_HIT.EXE
        Source: norton_secure_browser_setup.exeBinary or memory string: JOEBOXCONTROL.EXE
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
        Source: norton_secure_browser_setup.exeBinary or memory string: C:\MDS\WINDUMP.EXE
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
        Source: norton_secure_browser_setup.exeBinary or memory string: SYSANALYZER.EXE
        Source: norton_secure_browser_setup.exeBinary or memory string: WIRESHARK.EXE
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware ToolsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007FE150 rdtsc 8_2_007FE150
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00074C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00074C8E
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ca.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\psmachine_64.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\icarus_ui.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_ja.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\StdUtils.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_et.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_am.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_fil.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av\bug_report.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_cs.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\avg-av-vps\icarus_product.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_en-GB.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMC557.tmp\goopdateres_hr.dllJump to dropped file
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeEvaded block: after key decision
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_5-85059
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp TID: 7160Thread sleep time: -180000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp TID: 7088Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 5480Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe TID: 2144Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Windows\System32\svchost.exe TID: 6928Thread sleep time: -30000s >= -30000s
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 6440Thread sleep time: -30000s >= -30000s
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 2108Thread sleep time: -30000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp FullSizeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B7010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,7_2_6B0B7010
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007F6F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_007F6F60
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007EE180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_007EE180
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007F4590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_007F4590
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00820AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00820AC0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000D2782 VirtualQuery,GetSystemInfo,5_2_000D2782
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\userJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extractJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmpJump to behavior
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2745537272.0000000003572000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_BRW\",\"18\":\"ZB_Norton_BRW\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\":\"2.40.1.8919\",\"15\":0,\"22\":\"Canvas of Kings\",\"10\":2,\"17\":\"3\",\"16\":\"norton\",\"20}\brand\\PRFG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFI","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFK","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUC","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUI"],"cp":"https://www.avast.com/privacy","ctu":"https://www.avast.com/eula","ov":61,"cbfo":true,"pv":"1.32","v":3}},{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d 
-se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}3~
        Source: avg_antivirus_free_setup.exe, 00000006.00000002.2926152112.0000000004BA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
        Source: norton_secure_browser_setup.exeBinary or memory string: VMware
        Source: norton_secure_browser_setup.exeBinary or memory string: VBoxService.exe
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764181804.0000000000931000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
        Source: qbittorrent.exe, 0000000B.00000002.2990621506.0000000001623000.00000008.00000001.01000000.00000018.sdmp, qbittorrent.exe, 0000000B.00000000.2394184798.0000000001611000.00000008.00000001.01000000.00000018.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@8"
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004EB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saBSI.exe-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2362652845.000000000064E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: b\Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:44
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008D3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2309485072.00000000028B7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2929702891.0000000004C3A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004C3A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004C3A000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E35000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2972949516.0000000003E23000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: saBSI.exe, 00000005.00000003.2309485072.00000000028B7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWg
        Source: norton_secure_browser_setup.exeBinary or memory string: QEMU_
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2363484184.0000000000665000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: d\Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004E77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:f
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2366201683.000000000066A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:.
        Source: norton_secure_browser_setup.exeBinary or memory string: \VMware\VMware Tools
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
        Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008D3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764336975.00000000008DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWA
        Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2622976283.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2580970462.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2390745818.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2748417927.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2486318495.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2412180856.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2569408847.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406445183.00000000006AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!
        Source: qbittorrent.exe, 0000000B.00000002.3032016622.0000000004409000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: qbittorrent.exe, 0000000B.00000002.2990621506.0000000001623000.00000008.00000001.01000000.00000018.sdmp, qbittorrent.exe, 0000000B.00000000.2394184798.0000000001611000.00000008.00000001.01000000.00000018.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
        Source: norton_secure_browser_setup.exe, 00000007.00000003.2369325419.0000000003E4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0C0B40 CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,7_2_6B0C0B40
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess queried: DebugPortJump to behavior
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_007FE150 rdtsc 8_2_007FE150
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_001070B4 IsDebuggerPresent,OutputDebugStringW,5_2_001070B4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00085204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,5_2_00085204
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00074C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00074C8E
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00117BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C5_2_00117BC0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000B2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_000B2B30
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000FE8FE mov eax, dword ptr fs:[00000030h]5_2_000FE8FE
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00107C6A mov eax, dword ptr fs:[00000030h]5_2_00107C6A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00107CAE mov eax, dword ptr fs:[00000030h]5_2_00107CAE
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00107CF2 mov eax, dword ptr fs:[00000030h]5_2_00107CF2
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00107D23 mov eax, dword ptr fs:[00000030h]5_2_00107D23
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00487C5A mov eax, dword ptr fs:[00000030h]6_2_00487C5A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE25683 mov eax, dword ptr fs:[00000030h]7_2_6AE25683
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4FBBF mov eax, dword ptr fs:[00000030h]7_2_6AE4FBBF
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE514BE mov eax, dword ptr fs:[00000030h]7_2_6AE514BE
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5147A mov eax, dword ptr fs:[00000030h]7_2_6AE5147A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFB75B4 mov eax, dword ptr fs:[00000030h]7_2_6AFB75B4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFB7528 mov eax, dword ptr fs:[00000030h]7_2_6AFB7528
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFA0835 mov eax, dword ptr fs:[00000030h]7_2_6AFA0835
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00898F06 mov eax, dword ptr fs:[00000030h]8_2_00898F06
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00898F4A mov eax, dword ptr fs:[00000030h]8_2_00898F4A
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_008935B7 mov ecx, dword ptr fs:[00000030h]8_2_008935B7
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0007463F GetProcessHeap,5_2_0007463F
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeProcess token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000E9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_000E9018
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000E93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_000E93F2
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000ED453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_000ED453
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000E9586 SetUnhandledExceptionFilter,5_2_000E9586
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_004810FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_004810FF
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00481292 SetUnhandledExceptionFilter,6_2_00481292
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_004813AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_004813AB
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00484476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00484476
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE26349 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6AE26349
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE2504A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE2504A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE269A2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE269A2
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5F76F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE5F76F
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4FCD2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE4FCD2
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5F47B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6AE5F47B
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF07AD6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AF07AD6
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF07CDA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6AF07CDA
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF87181 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AF87181
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B58D0 lstrcmpW,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,7_2_6B0B58D0
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_0087EE56 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0087EE56
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: 8_2_00855168 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00855168
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0BB610 nsExecLogonUser,7_2_6B0BB610
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:729de4ae-763f-4df7-a043-5659222e822a /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941 /track-guid:729de4ae-763f-4df7-a043-5659222e822a
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping 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
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{CC011AE7-AAE5-4543-84DB-E4D48135833D}" /silent
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6836 -ip 6836
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516
        Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6836 -ip 6836
        Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbm7d8ydixe5hhzylyta7sfjwzbocrk5knotfwahxtsx8w5yvabwe4fqjumlqexqa53ipq /cookie:mmm_irs_ppi_902_451_o /ga_clientid:729de4ae-763f-4df7-a043-5659222e822a /edat_dir:c:\windows\temp\asw.d8c2b19fc2277941
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
        Source: C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gumc557.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping 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
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{cc011ae7-aae5-4543-84db-e4d48135833d}" /silent
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe c:\windows\temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbm7d8ydixe5hhzylyta7sfjwzbocrk5knotfwahxtsx8w5yvabwe4fqjumlqexqa53ipq /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.d8c2b19fc2277941 /track-guid:729de4ae-763f-4df7-a043-5659222e822a
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0BA3A0 GetVersion,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,7_2_6B0BA3A0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_000E9215 cpuid 5_2_000E9215
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_001045DA
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0010C907
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0010C952
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0010C9ED
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_0010CA80
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_0010CCE0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0010CE06
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_0010CF0C
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_0010CFDB
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,5_2_000E7E28
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_00103F6D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE54278
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_6AE5439E
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_6AE54025
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE51164
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE53EFF
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE53EB4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE53E0D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE53F9A
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE544A4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE50C40
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,7_2_6AE53C12
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_6AE54573
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFBEA4D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_6AFBEB75
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFB2F18
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFBEC7D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_6AFBED50
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,7_2_6AFBE3C3
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoEx,7_2_6AF0637C
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFBE6D2
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFBE669
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_6AFBE7F8
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFBE76D
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFBE5C0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFB39CC
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wsprintfW,7_2_6B0B78C0
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrcpyW,lstrcpyW,wsprintfW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,7_2_6B0B7510
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: nsGetLocaleInfo,GetLocaleInfoW,7_2_6B0BE580
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_0089C039
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_0089C20E
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,8_2_00898C33
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_0089BB82
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_0089BB37
        Source: C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_0089BC1D
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\AVG_AV.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\AVG_BRW.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0.zip VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1.zip VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2.zip VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\finish.png VolumeInformation
        Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00104619 GetSystemTimeAsFileTime,5_2_00104619
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFF79B6 __EH_prolog3_GS,LookupAccountNameW,GetLastError,7_2_6AFF79B6
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFB26E8 _free,GetTimeZoneInformation,_free,7_2_6AFB26E8
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_0047A100 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,6_2_0047A100
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Lowering of HIPS / PFW / Operating System Security Settings

        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogram C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
        Source: C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogram C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
        Source: norton_secure_browser_setup.exe Binary or memory string: C:\virus\virus.exe
        Source: norton_secure_browser_setup.exe Binary or memory string: wireshark.exe
        Source: norton_secure_browser_setup.exe Binary or memory string: C:\Kit\procexp.exe
        Source: norton_secure_browser_setup.exe Binary or memory string: C:\virus.exe
        Source: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

        Stealing of Sensitive Information

        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
        Source: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
        Source: Yara match File source: 00000001.00000003.2233964889.0000000000734000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000001.00000003.2233909651.0000000000734000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: Canvas of Kings_N6xC-S2.tmp PID: 6836, type: MEMORYSTR
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: WIN_XP
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2977306249.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: j...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J
        Source: norton_secure_browser_setup.exe, 00000007.00000002.2942013799.00000000033A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J

        Remote Access Functionality

        Source: Yara match File source: 00000001.00000003.2233964889.0000000000734000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000001.00000003.2233909651.0000000000734000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: Canvas of Kings_N6xC-S2.tmp PID: 6836, type: MEMORYSTR
        Reconnaissance: 1 Software; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server
        Initial Access: 2 Valid Accounts; 1 Replication Through Removable Media; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain
        Execution: 4 Native API; 12 Command and Scripting Interpreter; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell
        Persistence: 1 DLL Side-Loading; 1 Image File Execution Options Injection; 1 Component Object Model Hijacking; 2 Valid Accounts; 1 Windows Service; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 Bootkit; At; Cron; Launchd; Scheduled Task
        Privilege Escalation: 1 DLL Side-Loading; 1 Image File Execution Options Injection; 1 Component Object Model Hijacking; 2 Valid Accounts; 21 Access Token Manipulation; 1 Windows Service; 12 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; Cron; Launchd; Scheduled Task
        Defense Evasion: 22 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 File Deletion; 22 Masquerading; 2 Valid Accounts; 24 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 12 Process Injection; 1 Bootkit
        Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging
        Discovery: 2 System Time Discovery; 11 Peripheral Device Discovery; 1 Account Discovery; 4 File and Directory Discovery; 57 System Information Discovery; 1 Query Registry; 691 Security Software Discovery; 24 Virtualization/Sandbox Evasion; 12 Process Discovery; 3 System Owner/User Discovery; 1 Remote System Discovery; Process Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content
        Collection: 11 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture
        Command and Control: 4 Ingress Tool Transfer; 21 Encrypted Channel; 4 Non-Application Layer Protocol; 15 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium
        Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking
        [Behavior graph: ID 1580374, Sample: Canvas of Kings_N6xC-S2.exe, Startdate: 24/12/2024, Architecture: WINDOWS, Score: 64]

        Source | Detection | Scanner | Label | Link
        Canvas of Kings_N6xC-S2.exe | 18% | ReversingLabs
        Canvas of Kings_N6xC-S2.exe | 100% | Avira | HEUR/AGEN.1332558
        Source | Detection | Scanner | Label | Link
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserCrashHandler.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserCrashHandler64.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateBroker.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateComRegisterShell64.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateCore.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateOnDemand.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateSetup.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdateWebPlugin.exe | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\acuapi.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\acuapi_64.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdate.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_am.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ar.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_bg.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_bn.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ca.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_cs.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_da.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_de.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_el.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_en-GB.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_en.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_es-419.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_es.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_et.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_fa.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_fi.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_fil.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_fr.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_gu.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_hi.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_hr.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_hu.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_id.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_is.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_it.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_iw.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ja.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_kn.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ko.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_lt.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_lv.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ml.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_mr.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ms.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_nl.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_no.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_pl.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_pt-BR.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_pt-PT.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ro.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ru.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_sk.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_sl.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_sr.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_sv.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_sw.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ta.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_te.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_th.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_tr.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_uk.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_ur.dll | 0% | ReversingLabs
        C:\Program Files (x86)\GUMC557.tmp\goopdateres_vi.dll | 0% | ReversingLabs
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSOR | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com:443/products/SA/BSI/bsi_abtest.xmlATE | 0% | Avira URL Cloud | safe
        https://analytics.apis.mcafee.comse | 0% | Avira URL Cloud | safe
        https://firefoxextension.avast.com/aos/update.json | 0% | Avira URL Cloud | safe
        https://reasonlabs.c | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com:443/products/SA/v1/bsi/4.1.1/install.xmlE | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com/products/sa/v1/p | 0% | Avira URL Cloud | safe
        http://qt-project.org/xml/features/report-whitespace-only-CharData | 0% | Avira URL Cloud | safe
        http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/ | 0% | Avira URL Cloud | safe
        https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF | 0% | Avira URL Cloud | safe
        https://stats.securebrowser.comnsSetFatalTrackingUrlnorton.installer.fataleventnsAddFatalTrackingPar | 0% | Avira URL Cloud | safe
        https://d3ben4sjdmrs9v.cloudfront.net/zbdR | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com/t? | 0% | Avira URL Cloud | safe
        http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com/J | 0% | Avira URL Cloud | safe
        https://my.avast.com | 0% | Avira URL Cloud | safe
        http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-on | 0% | Avira URL Cloud | safe
        https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png. | 0% | Avira URL Cloud | safe
        https://www.mcafee.com/consumer/v/wa-how.htmln | 0% | Avira URL Cloud | safe
        https://shield.reasonsecurity.com/rsStubActi | 0% | Avira URL Cloud | safe
        https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zip | 0% | Avira URL Cloud | safe
        https://pair.ff.avast.com | 0% | Avira URL Cloud | safe
        http://https://:allow_fallback/installer.exe | 0% | Avira URL Cloud | safe
        https://www.mcafee.com/consumer/v/wa-how.htmlW | 0% | Avira URL Cloud | safe
        https://www.mcafee.com/consumer/en-us/policy/legal.htmlJ | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/ | 0% | Avira URL Cloud | safe
        https://www.mcafee.com/consumer/en-us/policy/legal.html/1506/norton_secure_browser_setup.zip&Bl? | 0% | Avira URL Cloud | safe
        https://analytics.apis.mcafee.com/ | 0% | Avira URL Cloud | safe
        https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png | 0% | Avira URL Cloud | safe
        https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.png | 0% | Avira URL Cloud | safe
        https://d3ben4sjdmrs9v.cloudfront.net/zbddl- | 0% | Avira URL Cloud | safe
        https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failed | 0% | Avira URL Cloud | safe
        https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/f.ng | 0% | Avira URL Cloud | safe
        https://sadownload.mcafee.com/ | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        d3ben4sjdmrs9v.cloudfront.net | 65.9.108.223 | true | false | | unknown
        update.norton.securebrowser.com | 104.20.86.8 | true | false | | high
        shepherd-gcp.ff.avast.com | 34.160.176.28 | true | false | | high
        mosaic-nova.apis.mcafee.com | 44.228.210.164 | true | false | | unknown
        analytics-prod-gcp.ff.avast.com | 34.117.223.223 | true | false | | high
        stats.securebrowser.com | 104.20.86.8 | true | false | | high
        v7event.stats.avast.com | unknown | unknown | false | | high
        analytics.apis.mcafee.com | unknown | unknown | false | | unknown
        sadownload.mcafee.com | unknown | unknown | false | | unknown
        shepherd.avcdn.net | unknown | unknown | false | | high
        cdn-update.norton.securebrowser.com | unknown | unknown | false | | high
        analytics.avcdn.net | unknown | unknown | false | | high
        honzik.avcdn.net | unknown | unknown | false | | high
        Name | Malicious | Antivirus Detection | Reputation
        https://stats.securebrowser.com/?_=1735038370653&retry_tracking_count=0&last_request_error_code=0&last_request_error_message=&last_request_status=0&last_request_system_error=0&request_proxy=0 | false | | high
        https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.png | false | Avira URL Cloud: safe | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSOR | Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2431828115.0000000004EBE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF | Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008CD000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://webcompanion.com/terms | Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764336975.0000000000919000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.0000000000919000.00000004.00000020.00020000.00000000.sdmp | false | | high
        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp | false | | high
        https://sadownload.mcafee.com:443/products/SA/BSI/bsi_abtest.xmlATE | saBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://home.mcafee.com/Root/AboutUs.aspx?id=eula | Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763417695.0000000000925000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/ | saBSI.exe, 00000005.00000003.2380246086.0000000004D0C000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://analytics.avcdn.net/v4/receive/json/25.ic | avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.000000000066D000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://sadownload.mcafee.com:443/products/SA/v1/bsi/4.1.1/install.xmlE | saBSI.exe, 00000005.00000003.2538412417.0000000002901000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        http://qt-project.org/xml/features/report-whitespace-only-CharData | qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmp | false | Avira URL Cloud: safe | unknown
                                              https://analytics.apis.mcafee.comsesaBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://www.avg.com/ww-en/privacy4Xb8Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2433301720.0000000004EF6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2749782006.0000000004EF6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2433485584.00000000068C5000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2336433829.00000000068C8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2337001514.00000000068CA000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2276250845.0000000004E2D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://honzik.avcdn.net/defs/avg-av/release.xml.lzmaavg_antivirus_free_online_setup.exe, 00000008.00000003.2390745818.00000000006AE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2390745818.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2412880620.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2412180856.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406771349.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2406445183.00000000006BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.000000000066D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://www.premieropinion.com/common/termsofservice-v1Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764336975.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://bugreports.qt.io/qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmpfalse
                                                        high
                                                        https://docs.google.com/norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://sadownload.mcafee.com/products/sa/v1/psaBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/qbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000C.00000003.2398013421.0000022F67E72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://firefoxextension.avast.com/aos/update.jsonavg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://sadownload.mcafee.com/products/sa/bsi/win/binary/saBSI.exe, 00000005.00000002.2935450892.0000000004D33000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://reasonlabs.cCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763329826.000000000092E000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764181804.0000000000934000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://d3ben4sjdmrs9v.cloudfront.net/zbdRCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2431828115.0000000004EDA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://stats.securebrowser.comnsSetFatalTrackingUrlnorton.installer.fataleventnsAddFatalTrackingParnorton_secure_browser_setup.exe, 00000007.00000002.2937175414.0000000002799000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.avg.com/ww-en/eula/en-us/Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2307959551.0000000004EF2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306878132.0000000004EF1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2306117384.0000000004EF1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2433301720.0000000004EF6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2749782006.0000000004EF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://www.razer.com/legal/customer-privacy-policy9Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763417695.0000000000925000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://stats.securebrowser.com?_=1735038370653norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000849000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.remobjects.com/psCanvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1680500669.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                      high
                                                                      https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlsaBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2379943913.0000000002902000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2935450892.0000000004D1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://sadownload.mcafee.com/t?saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://sadownload.mcafee.com/JsaBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://www.innosetup.com/Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1679328506.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1677182877.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1680500669.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                          high
                                                                          https://winqual.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBIavg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://my.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.zhongyicts.com.cnqbittorrent.exe, 0000000B.00000002.3032016622.000000000444F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000C.00000003.2398013421.0000022F67EC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png.Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-onqbittorrent.exe, 0000000B.00000002.2937120417.0000000001314000.00000002.00000001.01000000.00000018.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BEE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xmlsaBSI.exe, 00000005.00000003.2380332434.0000000002906000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2380009561.0000000002906000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2538412417.0000000002901000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2493478584.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2379943913.0000000002902000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.00000000028B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://shield.reasonsecurity.com/rsStubActiCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763572224.00000000008B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://www.ccleaner.com/legal/end-user-license-agreementCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763438947.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.mcafee.com/consumer/v/wa-how.htmlnsaBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://stats.securebrowser.com/?_=1735038370653&retry_tracking_count=0&last_request_error_code=0&lanorton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000898000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zipCanvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.0000000000930000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.0000000000920000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://honzik.avcdn.net/nmWavg_antivirus_free_online_setup.exe, 00000008.00000003.2676967364.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2921422224.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2749131788.00000000006BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2714616486.00000000006BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avg_antivirus_free_setup.exe, 00000006.00000002.2929702891.0000000004C3A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BEE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004C3A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004C3A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://id.avast.com/inAvastiumavg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://chrome.google.com/webstorenorton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://shepherd.avcdn.netavg_antivirus_free_online_setup.exe, 00000008.00000003.2715273606.00000000053EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://drive-daily-2.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://crl.ver)svchost.exe, 0000000C.00000002.2976152871.0000022F67C00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.opera.com/he/eula/computersCanvas of Kings_N6xC-S2.tmp, 00000001.00000003.2434384539.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1763572224.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1764863031.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.2736036551.00000000008B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://drive-daily-1.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2360180609.0000000004BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BF9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://drive-daily-5.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000002.2931737359.0000000000875000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://pair.ff.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://www.mcafee.com/consumer/v/wa-how.htmlWsaBSI.exe, 00000005.00000002.2928526983.000000000284E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://www.avast.com/eula:vCanvas of Kings_N6xC-S2.tmp, 00000001.00000002.2747091095.0000000004E10000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://https://:allow_fallback/installer.exeavg_antivirus_free_setup.exe, 00000006.00000000.2308794053.0000000000493000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2921459091.0000000000493000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://submit.sb.avast.com/V1/PD/avg_antivirus_free_online_setup.exe, 00000008.00000003.2747472940.00000000053B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/rsaBSI.exe, 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2279002766.000000000012E000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                    high
                                                                                                                    https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/saBSI.exe, 00000005.00000003.2493478584.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2928526983.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2379943913.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2380332434.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2538412417.0000000002922000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://viruslab-samples.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zavg_antivirus_free_setup.exe, 00000006.00000002.2928141299.0000000004BEE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359729651.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2369853017.0000000004BEC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2359696407.0000000004C7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573330023.000000000579F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2624207025.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2477324143.000000000562F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2413219491.00000000053B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2935892477.0000000004CD0000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2678619778.0000000005579000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
65.9.108.223 | d3ben4sjdmrs9v.cloudfront.net | United States | 16509 | AMAZON-02US | false
65.9.108.105 | unknown | United States | 16509 | AMAZON-02US | false
34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-ASUS | false
34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
104.20.86.8 | update.norton.securebrowser.com | United States | 13335 | CLOUDFLARENETUS | false
44.228.210.164 | mosaic-nova.apis.mcafee.com | United States | 16509 | AMAZON-02US | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580374
Start date and time: 2024-12-24 12:04:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Canvas of Kings_N6xC-S2.exe
Detection: MAL
Classification: mal64.rans.bank.troj.spyw.evad.winEXE@62/279@26/7
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 103
• Number of non-executed functions: 165
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 142.250.181.78, 184.30.25.22, 2.19.198.75, 23.32.238.105, 23.218.208.109, 23.54.81.200, 23.54.81.168, 20.189.173.22, 4.245.163.56, 13.107.246.63, 20.190.147.2
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, e9229.dscd.akamaiedge.net, s-honzik.avcdn.net.edgekey.net, a866.dscd.akamai.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, a1546.dscd.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, cdn-update.norton.securebrowser.com.akamaized.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, sadownload.mcafee.com.edgesuite.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net, www.google-analytics.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                      • VT rate limit hit for: Canvas of Kings_N6xC-S2.exe
Time      Type             Description
06:05:08  API Interceptor  9x Sleep call for process: Canvas of Kings_N6xC-S2.tmp modified
06:06:07  API Interceptor  2x Sleep call for process: avg_antivirus_free_setup.exe modified
06:06:11  API Interceptor  2x Sleep call for process: svchost.exe modified
06:06:12  API Interceptor  6x Sleep call for process: qbittorrent.exe modified
06:06:13  API Interceptor  8x Sleep call for process: avg_antivirus_free_online_setup.exe modified
06:06:28  API Interceptor  2x Sleep call for process: NortonBrowserUpdate.exe modified
06:06:39  API Interceptor  2x Sleep call for process: WerFault.exe modified
11:06:22  Task Scheduler   Run new task: NortonUpdateTaskMachineCore path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/c
11:06:22  Task Scheduler   Run new task: NortonUpdateTaskMachineUA path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/ua /installsource scheduler
                                                                                                                                                                                          arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                          • 34.67.119.59
                                                                                                                                                                                          AMAZON-02UScMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                                                          • 44.237.186.112
                                                                                                                                                                                          x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                                                          • 54.171.230.55
                                                                                                                                                                                          fnCae9FQhg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          SFtDA07UDr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 54.73.104.6
                                                                                                                                                                                          nsharm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 54.171.230.55
                                                                                                                                                                                          Gq48hjKhZf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                                                          • 185.166.143.49
                                                                                                                                                                                          Gq48hjKhZf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          2oM46LNCOo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.50
                                                                                                                                                                                          tTGxYWtjG5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          AMAZON-02UScMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                                                          • 44.237.186.112
                                                                                                                                                                                          x86_64.nn.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                                                          • 54.171.230.55
                                                                                                                                                                                          fnCae9FQhg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          SFtDA07UDr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 54.73.104.6
                                                                                                                                                                                          nsharm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 54.171.230.55
                                                                                                                                                                                          Gq48hjKhZf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                                                          • 185.166.143.49
                                                                                                                                                                                          Gq48hjKhZf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          2oM46LNCOo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.50
                                                                                                                                                                                          tTGxYWtjG5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 185.166.143.48
                                                                                                                                                                                          ATGS-MMD-ASUScMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                                                          • 34.160.144.191
                                                                                                                                                                                          armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 57.1.102.147
                                                                                                                                                                                          armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 48.85.107.21
                                                                                                                                                                                          armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 57.49.121.142
                                                                                                                                                                                          splm68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.14.229.251
                                                                                                                                                                                          splarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 32.199.13.128
                                                                                                                                                                                          nklarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 33.243.135.210
                                                                                                                                                                                          jklspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 33.159.5.232
                                                                                                                                                                                          nabspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 57.162.96.137
                                                                                                                                                                                          splarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 56.3.116.221
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          • 65.9.108.105
                                                                                                                                                                                          L5Kgf2Tvkc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 44.228.210.164
                                                                                                                                                                                          • 65.9.108.223
                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          • 65.9.108.105
                                                                                                                                                                                          LVDdWBGnVE.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                          • 44.228.210.164
                                                                                                                                                                                          • 65.9.108.223
                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          • 65.9.108.105
                                                                                                                                                                                          O5Vg1CJsxN.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                          • 44.228.210.164
                                                                                                                                                                                          • 65.9.108.223
                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          • 65.9.108.105
                                                                                                                                                                                          2oM46LNCOo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          • 44.228.210.164
                                                                                                                                                                                          • 65.9.108.223
                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          • 65.9.108.105
                                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19Technonomic.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          Azygoses125.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          3gPZmVbozD.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.20.86.8
                                                                                                                                                                                          YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.20.86.8
Match: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserCrashHandler.exe
• Associated Sample Name: Violated Heroine_91zbZ-1.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: Violated Heroine_91zbZ-1.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: Lisect_AVT_24003_G1B_127.exe, Detection: malicious, Threat Name: PureLog Stealer
• Associated Sample Name: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Threat Name: PrivateLoader, PureLog Stealer
• Associated Sample Name: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Threat Name: PrivateLoader, PureLog Stealer
Match: C:\Program Files (x86)\GUMC557.tmp\NortonBrowserCrashHandler64.exe
• Associated Sample Name: Violated Heroine_91zbZ-1.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: Violated Heroine_91zbZ-1.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Threat Name: Unknown
• Associated Sample Name: Lisect_AVT_24003_G1B_127.exe, Detection: malicious, Threat Name: PureLog Stealer
• Associated Sample Name: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Threat Name: PrivateLoader, PureLog Stealer
• Associated Sample Name: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Threat Name: PrivateLoader, PureLog Stealer
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):7854
                                                                                                                                                                                                                      Entropy (8bit):5.4989921278357
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:YgepmRyHSIgHSzXReJ7aY7jMgDwzgs+Bd4C/Q/Bp:YZmkHeHkXRo2Y7jMgDBBd4C/Q/Bp
                                                                                                                                                                                                                      MD5:4E94A0A0B04556BE1F68993D998174B7
                                                                                                                                                                                                                      SHA1:412B675927F4B5D9B8C43713BF52CDDD9B06FFAB
                                                                                                                                                                                                                      SHA-256:BCA76A0C157B02695594BC82CC98137C14DCC152FF3BE63187ADC4C81BDB1814
                                                                                                                                                                                                                      SHA-512:AAB2F03336631C81FB338408E9199CA983A46D74F9C9A9377CD22A73273F977EC83D444D800E2EB69971344261538AEBFA097131AFEBFC2ABD7435A2032D6BB3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:...@IXOS.@.....@.0.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{469D3039-E8BB-40CB-9989-158443EEA4EB}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\Norton\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\6
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):28
                                                                                                                                                                                                                      Entropy (8bit):3.5566567074628233
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:XVTKlUv:FTj
                                                                                                                                                                                                                      MD5:B9EA04357667FD46353CA3E48F346261
                                                                                                                                                                                                                      SHA1:CB35A329D04D990B937CB8C6C49ACC8D80AD45A3
                                                                                                                                                                                                                      SHA-256:FDF34D3C6716526200DFC4F81AD1CB1BFDA51EC9DB20C2C0E7CDD08C179A6DE3
                                                                                                                                                                                                                      SHA-512:5B07BA516C030BD3689F21939A2EEA417B603A9FA8BEBCF4D9BAED190B67E7784F1A0458A022450F5DDD99F6D9913BA45D2EB1DCE4E011842A5CB33B3695C93B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:28 mtime=1686233326.3398783.
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):383232
                                                                                                                                                                                                                      Entropy (8bit):4.3682050352007735
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                                                      MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                                      SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                                                      SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                                                      SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: Violated Heroine_91zbZ-1.exe, Detection: malicious
• Filename: Violated Heroine_91zbZ-1.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious
• Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):404480
                                                                                                                                                                                                                      Entropy (8bit):4.403596063022666
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                                                      MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                                      SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                                                      SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                                                      SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: Violated Heroine_91zbZ-1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):440608
                                                                                                                                                                                                                      Entropy (8bit):4.477495049012643
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                                      MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                                      SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                                      SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):384296
                                                                                                                                                                                                                      Entropy (8bit):4.381583745540333
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                                                      MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                                                      SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                                                      SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                                                      SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):438592
                                                                                                                                                                                                                      Entropy (8bit):6.45992761938075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                                                      MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                      SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                                                      SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                                                      SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):755696
                                                                                                                                                                                                                      Entropy (8bit):5.78064070271127
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                                                      MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                                                      SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                                                      SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                                                      SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                      MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                      SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                      SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                      SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):384808
                                                                                                                                                                                                                      Entropy (8bit):4.377706577325397
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                                                      MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                                                      SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                                                      SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                                                      SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1910576
                                                                                                                                                                                                                      Entropy (8bit):7.58137479903026
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                                      MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                      SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                                      SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                                      SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):384808
                                                                                                                                                                                                                      Entropy (8bit):4.377540113876844
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                                                      MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                                                      SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                                                      SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                                                      SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):561456
                                                                                                                                                                                                                      Entropy (8bit):6.89287156869539
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                                                      MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                                                      SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                                                      SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                                                      SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):719056
                                                                                                                                                                                                                      Entropy (8bit):6.672324901238704
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                                                      MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                                                      SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                                                      SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                                                      SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1707520
                                                                                                                                                                                                                      Entropy (8bit):6.329347716504747
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                                                      MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                                                      SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                                                      SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                                                      SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.850152460164065
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                                                      MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                                                      SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                                                      SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                                                      SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):42944
                                                                                                                                                                                                                      Entropy (8bit):4.835542008183028
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                                                      MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                                                      SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                                                      SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                                                      SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.8691314938087595
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                                                      MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                                                      SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                                                      SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                                                      SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.936222804071481
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                                                      MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                                                      SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                                                      SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                                                      SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.655403186782661
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                                                      MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                                                      SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                                                      SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                                                      SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.69656607023198
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                                                      MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                                                      SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                                                      SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                                                      SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.656501839350111
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                                                      MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                                                      SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                                                      SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                                                      SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47080
                                                                                                                                                                                                                      Entropy (8bit):4.647516797051505
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                                                                      MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                                                                      SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                                                                      SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                                                                      SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.945276126044921
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                                                                      MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                                                                      SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                                                                      SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                                                                      SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.636317941438334
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                                                                      MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                                                                      SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                                                                      SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                                                                      SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.6565699525229025
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                                                                      MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                                                                      SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                                                                      SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                                                                      SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.646030612051221
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                                                                      MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                                                                      SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                                                                      SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                                                                      SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47080
                                                                                                                                                                                                                      Entropy (8bit):4.630177626115215
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                                                                      MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                                                                      SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                                                                      SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                                                                      SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.645463686029905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                                                                      MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                                                                      SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                                                                      SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                                                                      SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.845272670813686
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                                                                      MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                                                                      SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                                                                      SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                                                                      SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.6596573287160785
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                                                      MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                                                      SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                                                      SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                                                      SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.640479522161056
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                                                      MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                                                      SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                                                      SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                                                      SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.662517782893104
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                                                      MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                                                      SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                                                      SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                                                      SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.923122510985089
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                                                      MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                                                      SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                                                      SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                                                      SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.8817065986468595
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                                                      MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                                                      SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                                                      SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                                                      SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.6636431303483
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                                                      MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                                                      SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                                                      SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                                                      SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.688666100525905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                                                      MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                                                      SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                                                      SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                                                      SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.639484979051941
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                                                      MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                                                      SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                                                      SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                                                      SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.658477005342536
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                                                      MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                                                      SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                                                      SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                                                      SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.6324666300251005
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                                                      MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                                                      SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                                                      SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                                                      SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):42432
                                                                                                                                                                                                                      Entropy (8bit):4.854173056599383
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                                                      MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                                                      SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                                                      SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                                                      SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):41408
                                                                                                                                                                                                                      Entropy (8bit):4.883723947959775
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                                                      MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                                                      SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                                                      SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                                                      SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.954692594620765
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                                                      MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                                                      SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                                                      SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                                                      SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40896
                                                                                                                                                                                                                      Entropy (8bit):4.911833136088746
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                                                      MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                                                      SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                                                      SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                                                      SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.677692678096642
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                                                      MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                                                      SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                                                      SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                                                      SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.703009692113209
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                                                      MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                                                      SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                                                      SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                                                      SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):48136
                                                                                                                                                                                                                      Entropy (8bit):4.926909967496055
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                                                      MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                                                      SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                                                      SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                                                      SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.898551846960824
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                                                      MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                                                      SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                                                      SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                                                      SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.652027629630858
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                                                      MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                                                      SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                                                      SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                                                      SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.64263735417891
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                                                      MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                                                      SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                                                      SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                                                      SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.660574455025035
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                                                      MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                                                      SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                                                      SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                                                      SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.699948735964885
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                                                      MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                                                      SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                                                      SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                                                      SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.66752824702996
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                                                                      MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                                                                      SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                                                                      SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                                                                      SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.646340111209961
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                                                                      MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                                                                      SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                                                                      SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                                                                      SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.668533720243672
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                                                                      MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                                                                      SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                                                                      SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                                                                      SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.876003031420293
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                                                                      MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                                                                      SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                                                                      SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                                                                      SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.69456859037089
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                                                                      MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                                                                      SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                                                                      SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                                                                      SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.657549160186828
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                                                      MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                                                      SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                                                      SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                                                      SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.872942179610346
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                                                      MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                                                      SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                                                      SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                                                      SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.664578663662526
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                                                      MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                                                      SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                                                      SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                                                      SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.694492393037756
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                                                      MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                                                      SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                                                      SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                                                      SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47080
                                                                                                                                                                                                                      Entropy (8bit):4.948448659499415
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                                                      MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                                                      SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                                                      SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                                                      SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.900098776782017
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                                                      MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                                                      SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                                                      SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                                                      SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.898585189301246
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                                                      MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                                                      SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                                                      SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                                                      SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.710217028647626
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                                                      MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                                                      SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                                                      SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                                                      SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.886468370762969
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                                                      MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                                                      SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                                                      SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                                                      SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.8564330106913625
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                                                      MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                                                      SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                                                      SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                                                      SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.771867334398084
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                                                      MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                                                      SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                                                      SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                                                      SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):38816
                                                                                                                                                                                                                      Entropy (8bit):4.841517965818435
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                                                      MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                                                      SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                                                      SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                                                      SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):38816
                                                                                                                                                                                                                      Entropy (8bit):4.854603942594096
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                                                      MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                                                      SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                                                      SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                                                      SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):519152
                                                                                                                                                                                                                      Entropy (8bit):6.796206581178465
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                                                      MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                                                      SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                                                      SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                                                      SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):396216
                                                                                                                                                                                                                      Entropy (8bit):6.6364472604888975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                                                      MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                                                      SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                                                      SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                                                      SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):521784
                                                                                                                                                                                                                      Entropy (8bit):6.353157166068969
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                                                      MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                                                      SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                                                      SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                                                      SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):396216
                                                                                                                                                                                                                      Entropy (8bit):6.636012823818412
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                                                      MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                                                      SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                                                      SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                                                      SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):521784
                                                                                                                                                                                                                      Entropy (8bit):6.352828173572569
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                                                      MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                                                      SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                                                      SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                                                      SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      File Type:POSIX tar archive
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11550720
                                                                                                                                                                                                                      Entropy (8bit):6.033044964444277
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:+aEmBopka2Rn0ttjsQlms7+oWD0/v+lzP+5ItO04rq7D0S8zpWwRFh4rH5EaFh4l:SpF2Rn0ttjt7+1I0RQcmiGYTGLB
                                                                                                                                                                                                                      MD5:0E16371DE9A96CAA60FFE3CCAFBC8343
                                                                                                                                                                                                                      SHA1:DFF8071D944CDE352DE9F34CCFE785F7DE1C3C0B
                                                                                                                                                                                                                      SHA-256:9DAB943357DBFEBD3F2AC522D9C4565E90EB8428A01248F7F1D68BFB75B5A416
                                                                                                                                                                                                                      SHA-512:28D6C511392E06CD0A4EB19573DF78A0E12215253D36ED10BB84AD70203A9204C1638AA836BD57AAD036D2BA6D31AB5F827AC60F81A1F4C26B89C56B25FC49CB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                      • Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: C:\Program Files (x86)\GUTC558.tmp, Author: Seth Hardy
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):383232
                                                                                                                                                                                                                      Entropy (8bit):4.3682050352007735
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                                                      MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                                      SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                                                      SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                                                      SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):404480
                                                                                                                                                                                                                      Entropy (8bit):4.403596063022666
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                                                      MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                                      SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                                                      SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                                                      SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):440608
                                                                                                                                                                                                                      Entropy (8bit):4.477495049012643
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                                      MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                                      SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                                      SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):384296
                                                                                                                                                                                                                      Entropy (8bit):4.381583745540333
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                                                      MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                                                      SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                                                      SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                                                      SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):438592
                                                                                                                                                                                                                      Entropy (8bit):6.45992761938075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                                                      MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                      SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                                                      SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                                                      SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):755696
                                                                                                                                                                                                                      Entropy (8bit):5.78064070271127
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                                                      MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                                                      SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                                                      SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                                                      SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                      MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                      SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                      SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                      SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):384808
                                                                                                                                                                                                                      Entropy (8bit):4.377706577325397
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                                                      MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                                                      SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                                                      SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                                                      SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1910576
                                                                                                                                                                                                                      Entropy (8bit):7.58137479903026
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                                      MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                      SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                                      SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                                      SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):384808
                                                                                                                                                                                                                      Entropy (8bit):4.377540113876844
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                                                      MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                                                      SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                                                      SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                                                      SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):372
                                                                                                                                                                                                                      Entropy (8bit):5.474168193946289
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/UUlcnApu9MK34QL:hYXc4xXgqmeNs3Mq8M0/TYL9LIQL
                                                                                                                                                                                                                      MD5:81F34AEAC3875A2FF1D9DC4E9E7B5548
                                                                                                                                                                                                                      SHA1:B9D893B1904D5A15CE7AEA9F2C4BA9BBEB18AE86
                                                                                                                                                                                                                      SHA-256:2999599AFF98E493CA4C6F2F83A5DBCE7FA722E6633849C66C924D7E939B089A
                                                                                                                                                                                                                      SHA-512:70B21D6E4EAB25DD7B16FC6B3B6FFBCCFFB39282E9E70C3356F0BEF7F3ED20247C8661C50A5FB99D597B1DEC9DBD5EC3F34F6D5B239F2CE98EDAA6ECD90975D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7B080202C6-0391-4360-89E1-C3B86776D125%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):561456
                                                                                                                                                                                                                      Entropy (8bit):6.89287156869539
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                                                      MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                                                      SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                                                      SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                                                      SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):719056
                                                                                                                                                                                                                      Entropy (8bit):6.672324901238704
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                                                      MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                                                      SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                                                      SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                                                      SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1707520
                                                                                                                                                                                                                      Entropy (8bit):6.329347716504747
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                                                      MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                                                      SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                                                      SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                                                      SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.850152460164065
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                                                      MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                                                      SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                                                      SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                                                      SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):42944
                                                                                                                                                                                                                      Entropy (8bit):4.835542008183028
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                                                      MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                                                      SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                                                      SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                                                      SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.8691314938087595
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                                                      MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                                                      SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                                                      SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                                                      SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.936222804071481
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                                                      MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                                                      SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                                                      SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                                                      SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.655403186782661
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                                                      MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                                                      SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                                                      SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                                                      SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.69656607023198
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                                                      MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                                                      SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                                                      SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                                                      SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.656501839350111
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                                                      MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                                                      SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                                                      SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                                                      SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47080
                                                                                                                                                                                                                      Entropy (8bit):4.647516797051505
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                                                                      MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                                                                      SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                                                                      SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                                                                      SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.945276126044921
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                                                                      MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                                                                      SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                                                                      SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                                                                      SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.636317941438334
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                                                                      MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                                                                      SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                                                                      SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                                                                      SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.6565699525229025
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                                                                      MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                                                                      SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                                                                      SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                                                                      SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.646030612051221
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                                                                      MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                                                                      SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                                                                      SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                                                                      SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47080
                                                                                                                                                                                                                      Entropy (8bit):4.630177626115215
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                                                                      MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                                                                      SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                                                                      SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                                                                      SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.645463686029905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                                                                      MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                                                                      SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                                                                      SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                                                                      SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.845272670813686
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                                                                      MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                                                                      SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                                                                      SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                                                                      SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.6596573287160785
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                                                      MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                                                      SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                                                      SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                                                      SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.640479522161056
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                                                      MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                                                      SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                                                      SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                                                      SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.662517782893104
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                                                      MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                                                      SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                                                      SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                                                      SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.923122510985089
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                                                      MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                                                      SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                                                      SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                                                      SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.8817065986468595
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                                                      MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                                                      SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                                                      SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                                                      SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.6636431303483
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                                                      MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                                                      SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                                                      SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                                                      SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.688666100525905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                                                      MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                                                      SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                                                      SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                                                      SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.639484979051941
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                                                      MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                                                      SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                                                      SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                                                      SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.658477005342536
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                                                      MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                                                      SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                                                      SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                                                      SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.6324666300251005
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                                                      MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                                                      SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                                                      SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                                                      SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):42432
                                                                                                                                                                                                                      Entropy (8bit):4.854173056599383
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                                                      MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                                                      SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                                                      SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                                                      SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):41408
                                                                                                                                                                                                                      Entropy (8bit):4.883723947959775
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                                                      MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                                                      SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                                                      SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                                                      SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.954692594620765
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                                                      MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                                                      SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                                                      SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                                                      SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40896
                                                                                                                                                                                                                      Entropy (8bit):4.911833136088746
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                                                      MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                                                      SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                                                      SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                                                      SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.677692678096642
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                                                      MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                                                      SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                                                      SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                                                      SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.703009692113209
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                                                      MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                                                      SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                                                      SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                                                      SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):48136
                                                                                                                                                                                                                      Entropy (8bit):4.926909967496055
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                                                      MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                                                      SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                                                      SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                                                      SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.898551846960824
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                                                      MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                                                      SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                                                      SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                                                      SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.652027629630858
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                                                      MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                                                      SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                                                      SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                                                      SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46056
                                                                                                                                                                                                                      Entropy (8bit):4.64263735417891
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                                                      MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                                                      SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                                                      SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                                                      SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.660574455025035
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                                                      MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                                                      SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                                                      SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                                                      SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.699948735964885
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                                                      MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                                                      SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                                                      SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                                                      SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.66752824702996
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.646340111209961
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.668533720243672
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.876003031420293
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.69456859037089
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45544
                                                                                                                                                                                                                      Entropy (8bit):4.657549160186828
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.872942179610346
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.664578663662526
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.694492393037756
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                                                      MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                                                      SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                                                      SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                                                      SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47080
                                                                                                                                                                                                                      Entropy (8bit):4.948448659499415
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                                                      MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                                                      SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                                                      SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                                                      SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46568
                                                                                                                                                                                                                      Entropy (8bit):4.900098776782017
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                                                      MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                                                      SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                                                      SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                                                      SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44008
                                                                                                                                                                                                                      Entropy (8bit):4.898585189301246
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                                                      MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                                                      SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                                                      SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                                                      SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.710217028647626
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                                                      MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                                                      SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                                                      SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                                                      SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.886468370762969
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                                                      MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                                                      SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                                                      SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                                                      SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45032
                                                                                                                                                                                                                      Entropy (8bit):4.8564330106913625
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                                                      MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                                                      SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                                                      SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                                                      SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):44520
                                                                                                                                                                                                                      Entropy (8bit):4.771867334398084
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                                                      MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                                                      SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                                                      SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                                                      SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):38816
                                                                                                                                                                                                                      Entropy (8bit):4.841517965818435
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                                                      MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                                                      SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                                                      SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                                                      SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):38816
                                                                                                                                                                                                                      Entropy (8bit):4.854603942594096
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                                                      MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                                                      SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                                                      SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                                                      SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):519152
                                                                                                                                                                                                                      Entropy (8bit):6.796206581178465
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                                                      MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                                                      SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                                                      SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                                                      SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):396216
                                                                                                                                                                                                                      Entropy (8bit):6.6364472604888975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                                                      MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                                                      SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                                                      SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                                                      SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):521784
                                                                                                                                                                                                                      Entropy (8bit):6.353157166068969
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                                                      MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                                                      SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                                                      SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                                                      SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):396216
                                                                                                                                                                                                                      Entropy (8bit):6.636012823818412
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                                                      MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                                                      SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                                                      SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                                                      SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):521784
                                                                                                                                                                                                                      Entropy (8bit):6.352828173572569
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                                                      MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                                                      SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                                                      SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                                                      SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):440608
                                                                                                                                                                                                                      Entropy (8bit):4.477495049012643
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                                      MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                                      SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                                      SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40397
                                                                                                                                                                                                                      Entropy (8bit):5.033348475634787
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:gdb4wk/5XL6US16GuBPccwO66xhAWxhOknk/nOVy1cU8I5Mx8OZnitZOg5gHDQ9A:Ab4dXGFux99
                                                                                                                                                                                                                      MD5:282B569FC2E511725449AFFD79E7E0C8
                                                                                                                                                                                                                      SHA1:C7E45E871F6A8ADD82997B728FF1B6488844DB52
                                                                                                                                                                                                                      SHA-256:1E0316A776458A155DBDF2BBAD22C5E9FC5A65DC163E38A864E6999C08BE3B26
                                                                                                                                                                                                                      SHA-512:EAF6EF3F22DA4D54E92A7B581D3DAACACF4EFA77B61620A7361B4CF2423FE71D2C1681E30EF259DF412C1C80C56FB7FB2147F564025DCE8B32106E028F06422F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.[2024-12-24 11:06:47.311] [info ] [entry ] [ 7032: 7056] [231CAF: 39] Icarus has been started...[2024-12-24 11:06:47.311] [debug ] [settings_lt] [ 7032: 7056] [18C22A: 190] generic accessor for scheme registry set..[2024-12-24 11:06:47.311] [debug ] [event_rout ] [ 7032: 7056] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler..[2024-12-24 11:06:47.311] [debug ] [event_rout ] [ 7032: 7056] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler..[2024-12-24 11:06:47.311] [debug ] [event_rout ] [ 7032: 7056] [CECE0F: 49] Registering event handler for app.settings.PropertyChangedValue...[2024-12-24 11:06:47.311] [debug ] [event_rout ] [ 7032: 7056] [CECE0F: 49] Registering event handler for app.settings.PropertyChanged...[2024-12-24 11:06:47.311] [debug ] [event_rout ] [ 7032: 7056] [CECE0F:
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1466), with CRLF line terminators
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):13866
                                                                                                                                                                                                                      Entropy (8bit):5.5513331352340325
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:IPFP/fYtRMbUpVw47GJQrSrydrKryr8r0BrcBSGd:IPpHwuIpV5iim2OGwCQBzd
                                                                                                                                                                                                                      MD5:A7F634BD2F0723757A78B0C9ABA47CA7
                                                                                                                                                                                                                      SHA1:5F59C6C6B481BC58E0A03F4179E80210C2F8076F
                                                                                                                                                                                                                      SHA-256:F91FA20D20EFD3819AD7B7AD046F4B538B800AC0D7241EC99756A10CC4848CC8
                                                                                                                                                                                                                      SHA-512:BBF76F166A866B880430132BFE92E056318874DD69CA4385560EA576BCF8D76EA57E1258320C953227908CF83ADCFD3E37962A2FD0D3F6924502CC73FBC07443
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.[2024-12-24 11:06:08.349] [info ] [isfx ] [ 2124: 2588] [C7794E: 183] *** Starting SFX (24.12.8365.0), System(Windows 10 (10.0.19045) x64) ***..[2024-12-24 11:06:08.349] [info ] [isfx ] [ 2124: 2588] [C7794E: 184] launched by:'6032-C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe'..[2024-12-24 11:06:08.427] [debug ] [device_id ] [ 2124: 2588] [8A1DA9: 70] Storing the new fingerprint..[2024-12-24 11:06:08.568] [debug ] [isfx ] [ 2124: 3704] [3A3D94: 62] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"88b0f428-69b0-4018-85b7-fa4358f07672","time":1735045452115},"setup":{"common":{"operation":"install","session_id":"729de4ae-763f-4df7-a043-5659222e822a","stage":"sfx-start","title":""},"product":{"name":"sfx"},"config":{"main_products":[{"product":"avg-av","channel":""}],"sfx_ver":"24.12.8365.0","trigger":"6032-C:\\Users\\user\\AppData\\Local\\Temp\\is-JAV1C.tmp\\prod1_extract\\avg_ant
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):278
                                                                                                                                                                                                                      Entropy (8bit):3.4584396735456933
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:Q9oPdKwo/e7nwY0ow+lGUlYlUlulnvm4HflKmaGHfltNv:QCFKwh7CaI/VJNKKHNX
                                                                                                                                                                                                                      MD5:B8853A8E6228549B5D3AD97752D173D4
                                                                                                                                                                                                                      SHA1:CD471A5D57E0946C19A694A6BE8A3959CEF30341
                                                                                                                                                                                                                      SHA-256:8E511706C04E382E58153C274138E99A298E87E29E12548D39B7F3D3442878B9
                                                                                                                                                                                                                      SHA-512:CF4EDD9EE238C1E621501F91A4C3338EC0CB07CA2C2DF00AA7C44D3DB7C4F3798BC4137C11C15379D0C71FAB1C5C61F19BE32BA3FC39DC242313D0947461A787
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:......[.P.r.o.x.y.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.i.z.a.t.i.o.n.=.0.....A.u.t.o.m.a.t.i.c.E.n.a.b.l.e.d.=.0.....C.o.n.f.i.g.U.r.l.=.....F.a.l.l.b.a.c.k.=.1.....P.o.r.t.=.8.0.8.0.....P.r.o.x.y.N.a.m.e.=.....P.r.o.x.y.T.y.p.e.=.0.....U.s.e.r.N.a.m.e.=.....U.s.e.r.P.a.s.s.=.....
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):211
                                                                                                                                                                                                                      Entropy (8bit):5.082360571907686
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:rtRcam+k2JM0RG0DKhSm0tRcLRaZVjwOrADGq:ZRW+k2JTDFnReRarjhroZ
                                                                                                                                                                                                                      MD5:7E4AB5B205A1608DB25EF303645DD97E
                                                                                                                                                                                                                      SHA1:C3E16C8A45108071C06F01C6CF6BAE66F44BBB68
                                                                                                                                                                                                                      SHA-256:26DC88A9B41E9CF7641E2600DD9C158AE357D8473DB0DB4B6CFF935C1CED69D6
                                                                                                                                                                                                                      SHA-512:A6A67B1E0E934A70218023D16693EDA5EE64EC79134A3FA252A27AB7FFBD6D03DA909CDAFEFB77201B0607A2069928D33E5A9CE2CB2492F1408D5175F24C3442
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:[ERR][20241224 08:04:03.784][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 476. Error 31..[ERR][20241224 08:04:32.568][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                                      Entropy (8bit):1.3073582465777698
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrr:KooCEYhgYEL0In
                                                                                                                                                                                                                      MD5:BE2AEF18766776DBEB10E365B319A635
                                                                                                                                                                                                                      SHA1:7BD4EC12DCD7FA217DF268CB335E9B37F7D85CB9
                                                                                                                                                                                                                      SHA-256:0A440CAC475495FCF3649D9F0DA9B423A5226B6C40DCBD53FC7B6CCB37BEB09E
                                                                                                                                                                                                                      SHA-512:CC4EC3DE26949D0A00E3152EB3E54A6512B09D5C4C53833DBA0D8507C0B0CDEA5F1FF1AD7656696D56408E31795605EA998B8D1B6245C148CF0F31FFCB35208C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x4d62a804, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                                      Entropy (8bit):0.42216179713004814
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:BSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Baza/vMUM2Uvz7DO
                                                                                                                                                                                                                      MD5:29AC5165ACC6830763053F03AE3E8591
                                                                                                                                                                                                                      SHA1:B87DBD6584D45B01FD94944FA419152DF9A4A743
                                                                                                                                                                                                                      SHA-256:F155E0DD6810DEA65D13CFC4DAB38015CA40FC5F0FF3125E83F31AF6F81C3292
                                                                                                                                                                                                                      SHA-512:F3BB618B7DF5B45F9B5979E23AC92BCAE8880BB51472FF5342A2395425F7C7930497C474BA43B2241DDF6D7F29705A85E086C94766852986270C8FD6AC4C4E0C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                      Entropy (8bit):0.07658784117283021
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:n/S/llKYeZGZa+xjn13a/i7yalXallcVO/lnlZMxZNQl:OlKzZKx53qE4Oewk
                                                                                                                                                                                                                      MD5:DF610BA7C94041D1538D141E53D2D443
                                                                                                                                                                                                                      SHA1:EDCE2C78A4F2AB2FA2A14C31E923500D39EE36D9
                                                                                                                                                                                                                      SHA-256:6E87BE729CC60E8393303C45E0E44B8D3AC3703ED0D9A69FE3EC090C998CD7AD
                                                                                                                                                                                                                      SHA-512:59BA0C98B31B1EAA750CF2290DCB462129FD7D8BDB0F98B0E060E338FC85D0BC80F08861258D647B7A48A889E29B56723214749A2B5DE337BA998E65F5C72010
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                      Entropy (8bit):1.3829202489402965
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:rL2tJIrxdTV0wLn5srjiBgNTURe0vdzuiFJ+Z24IO8aF6X:oQxYwLnqj/URz1zuiFJ+Y4IO82
                                                                                                                                                                                                                      MD5:DB6A9091C34BFD8FD8DABE5388E612BE
                                                                                                                                                                                                                      SHA1:52E70B466FDADEE28957E51E848AA40718A59A48
                                                                                                                                                                                                                      SHA-256:3FA67E847FF9BA32D65D1FAA83091B33E7AB853E4CDA9340788C698F2AD011D6
                                                                                                                                                                                                                      SHA-512:5F0EBB5FF96117C8FCF7D85E0D3018DA2962B0432BE6167A74C07C0B29E5FCA3227F2AC5A006E0FFB4CD29014522AB9A5F58A3DA8ABBAEDCE1F6BFF4A46D76FE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.1.1.9.9.9.7.6.4.6.5.2.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.1.2.0.0.0.7.1.7.7.8.6.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.e.b.6.c.3.5.a.-.3.b.c.3.-.4.f.7.c.-.b.d.2.c.-.b.b.7.f.4.a.1.4.f.8.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.9.8.3.7.c.2.3.-.5.d.6.b.-.4.a.f.2.-.a.7.d.4.-.b.5.7.c.2.9.1.9.9.3.3.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.a.n.v.a.s. .o.f. .K.i.n.g.s._.N.6.x.C.-.S.2...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.b.4.-.0.0.0.1.-.0.0.1.4.-.1.c.3.3.-.a.c.a.c.f.3.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.8.
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                      Entropy (8bit):1.382591321483914
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:LBJ8tJIrDdTZ0hqtssrjiBgNTURe0vdzuiFJ+Z24IO8aF6Y:uQDEhqt7j/URz1zuiFJ+Y4IO82
                                                                                                                                                                                                                      MD5:97BD50775230B8A1C2558A26695C7B38
                                                                                                                                                                                                                      SHA1:5F2CF2BB1C60F809E7D7506B422A055B5B063BC4
                                                                                                                                                                                                                      SHA-256:92B61550712B291DEACF47D186CDBD86E993F1BDCEA5C7D39A9274826EE51155
                                                                                                                                                                                                                      SHA-512:F7EF182FDAD9FF9097472F7D30E5E45CBCD61CB2409BE23B370CDE1A10A0D2221BF4727E4460B6858FFB9BDC619A38C973FA1C6A4094C00F69FF3E0BBDC3203C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.1.1.9.7.8.5.2.9.1.8.1.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.1.1.9.7.9.2.4.7.9.3.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.a.a.9.b.7.0.e.-.2.9.5.8.-.4.d.7.c.-.8.2.e.d.-.6.b.b.0.5.b.e.2.4.f.b.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.8.9.b.5.4.7.2.-.1.2.9.f.-.4.f.6.a.-.8.0.e.c.-.4.5.4.0.c.a.f.8.0.4.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.C.a.n.v.a.s. .o.f. .K.i.n.g.s._.N.6.x.C.-.S.2...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.b.4.-.0.0.0.1.-.0.0.1.4.-.1.c.3.3.-.a.c.a.c.f.3.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.8.
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 11:06:40 2024, 0x1205a4 type
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):114118
                                                                                                                                                                                                                      Entropy (8bit):2.2731563563548316
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:7NIrxT+dOGb9+enZEdPNCgPJE+m+5jX83iYa:7NUTYTnKdPNCgPJE+m+5j81
                                                                                                                                                                                                                      MD5:757638231128663E665B87F6A4653084
                                                                                                                                                                                                                      SHA1:02304403E36BEFF09D774B6D66FFD79A6BF73451
                                                                                                                                                                                                                      SHA-256:4AEF4D673E13C87B7DD33207B2BBE98E6747B0DE222CA605A6A57D0875E14D85
                                                                                                                                                                                                                      SHA-512:18AAB2E333AA9CDF4F97BF33FDCBE885E88F4F7E4E7B3C91543A4FD10E7B887FF17A253ABBB9C3600085DDBC9DDB60DEEB175BC5B65353C386E7A6EFF1DED97B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MDMP..a..... .........jg........................(-...............5......$...ne..........`.......8...........T............i...T...........7...........9..............................................................................eJ.......:......GenuineIntel............T...........[.jg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8432
                                                                                                                                                                                                                      Entropy (8bit):3.7120222287027125
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJIkG5e6k6YcfDl6lv/gmfDHdfpDy89bZJMsfwTm:R6lXJI5e6k6YYl6lHgmfJRZJffJ
                                                                                                                                                                                                                      MD5:EFB4EC4AE80DCF20C4DBB7A8234DAE22
                                                                                                                                                                                                                      SHA1:C728D72E9DA219B65002F84DF786517285765DCE
                                                                                                                                                                                                                      SHA-256:7B2EA7C66E6CD9A30DAA3C47C4101B8EAB63FF3D09BE1F32C29F550E46BF787A
                                                                                                                                                                                                                      SHA-512:E6D2B4E8F509BE738F60CF92FFC5B6E71F11B1DB9CD82E6AED0E72D8B67C727EC93F81BF55745270DA8E294AA69FC11751C47E6E1D0050A0454EEA13F4BFEFC7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.3.6.<./.P.i.
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4792
                                                                                                                                                                                                                      Entropy (8bit):4.475363495365891
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zs2NJg77aI9JuWpW8VYO5Ym8M4JKXNOXtFs+q87XEXFlRRVvWod:uIjfCI7PP7V1oJKXwXkuXEXPRRVvWod
                                                                                                                                                                                                                      MD5:FEF7081E4CF7A531B85F3A9E820B0B8F
                                                                                                                                                                                                                      SHA1:21EC805CEC81A6A7F04CCD1809780FBA43A9AFDB
                                                                                                                                                                                                                      SHA-256:094F430B193B842DCA374F35980517EA32D92AD6C0C8FB5F7D1D0071A14E9844
                                                                                                                                                                                                                      SHA-512:E31D564AD559DDBBB51303849E7EF21522DF30A19735B07478964512FA2A95133DB5D6D7881E6003110F999C4715C196A6C06E953435378025974966194B8CA9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645249" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84614
                                                                                                                                                                                                                      Entropy (8bit):3.116695466762686
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:98ECaZhhjT0EgB6GhqWQMN4qmxRRAc2NBjTWL00:98ECaZhhjT0EgB6GhqWQMNXmxRRAc2NE
                                                                                                                                                                                                                      MD5:3630D5115B76C926D9D9F7B99586813B
                                                                                                                                                                                                                      SHA1:E129AE5D5A3E8A7131E117BA2BDD42C512FFA987
                                                                                                                                                                                                                      SHA-256:767921C97373DFACFA987F80AAC608A72506F9BB749AD7438623043B8D3A1C3C
                                                                                                                                                                                                                      SHA-512:88FDBBB7B68E7F96BBF5E8791ECF2B84296E44C9689A0289BB298CD7732052235D93369543D046BA88FE0DC3A18C85AEF88AE0DBE456DE0DA94FDE34AA060539
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13340
                                                                                                                                                                                                                      Entropy (8bit):2.6884410473001172
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:TiZYWjgjnJYYgYbXWVTHQYEZ2atKiOI0k3wIrCRaSlfKjMHkEI7cy3:2ZDJH7QiaSluMHkz7cy3
                                                                                                                                                                                                                      MD5:639BBC8BE0A24743D18095A8115D01A3
                                                                                                                                                                                                                      SHA1:742850E96B55F0F2FAF77590FC783E458493E757
                                                                                                                                                                                                                      SHA-256:FBEB2871D6358A786DF3B9C4E12F279236A4D13C02D113F1A19DB425B0DE28D6
                                                                                                                                                                                                                      SHA-512:F9691BD29EBC1D6125B59E3431CCBC4F5F9D133C44C36E286C50D14A23550093CFD9628862301A54C17908C14032F1F1F2E994BC2C6F096FA5A44F2A48794F7C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 11:06:18 2024, 0x1205a4 type
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):124466
                                                                                                                                                                                                                      Entropy (8bit):2.2253993207657254
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:wJ83VqdOGb9+ePXENEdPYKqDawRAAIV24B8N+9:wa47TldPYKqDawRAAIV24BC
                                                                                                                                                                                                                      MD5:A63D385FFF9CF0466DA372A2271FEA95
                                                                                                                                                                                                                      SHA1:F69342DB98476567CA1FE5A01D1C8161048B7989
                                                                                                                                                                                                                      SHA-256:905372E302FB87F6B9169EC7BDC10B04296B4720D548FC92B268BBBE45F12975
                                                                                                                                                                                                                      SHA-512:47AAD00226898A2E0FD050081C18D3552A8525DCD83889BEDCA37EA3442B53DE6D8E32ADBA5552E15066D74BE083987E2FEE4203636B22B6C81F9DFD1C12E984
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8442
                                                                                                                                                                                                                      Entropy (8bit):3.7094326324710623
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJIkGD6c6YcfN6lv/gmfDHp6prF89b9JMsfLfm:R6lXJID6c6YE6lHgmfNF9Jffa
                                                                                                                                                                                                                      MD5:CBACB1110E251C12A12E8EAB1821735C
                                                                                                                                                                                                                      SHA1:5EBA17FFB65F9C8CAD19B24139AE8E680F1DCE07
                                                                                                                                                                                                                      SHA-256:F4964AD883BD82424FC00CFB6B52B8292E7E27EEE0213C34958F494C15C94832
                                                                                                                                                                                                                      SHA-512:DCD4D65D2FAF5E123A6CF90B8044C7E9C9EF782E74319334C1B9CF8EFB13562D58C61D2197A99A0204D9295D3E08450F49CEE191F6F5C2DFA2089AD0B56C6DED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.3.6.<./.P.i.
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4792
                                                                                                                                                                                                                      Entropy (8bit):4.473030720392571
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zs2NJg77aI9JuWpW8VYmYm8M4JKXNOXjFLP+q87XEXLlRRVvWod:uIjfCI7PP7VGJKXwXtPuXEX5RRVvWod
                                                                                                                                                                                                                      MD5:5E1573F692DFC32BE0871F3252084213
                                                                                                                                                                                                                      SHA1:DF812BFE47571DD29267D557347657A0FE4F1D12
                                                                                                                                                                                                                      SHA-256:2298BA8F051E38308E780F6C8D76789B53B32D0776006431BE2C0686232785E9
                                                                                                                                                                                                                      SHA-512:9403292494BA788841F20F944A219FF6DBEEE5A7D1AB094D6DBD1E1D92376B6EDF2EE99890CF562F35CB4BD367DDA8B55996746C8782E043EBB0E0142DB32E89
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645249" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):82330
                                                                                                                                                                                                                      Entropy (8bit):3.1182684551351367
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:Z/EFh8Zsg7LXUg5C54qW0K9DSQY0qmxRRAbaizDA9q0:Z/EFh8Zsg7LXUg5C54qW0K9DSQYDmxRb
                                                                                                                                                                                                                      MD5:C8B61C3DF2FF27A244D918AA1DC51EC5
                                                                                                                                                                                                                      SHA1:811D06B702B2135E712FD83754F785B14BCE0CC9
                                                                                                                                                                                                                      SHA-256:B36FADD8EED1485B957CEB03184CD52E5C3D94B9289FFF7D8379821BF0654262
                                                                                                                                                                                                                      SHA-512:436F1BE826A899A31D34A6F2A6292F891EF7451174CF2B110CC4C7403EAF32C2A60B3A10D5A3288BBCE75282E847E888AC7D886EF9D0FEE4C37E7475C6DF46DD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13340
                                                                                                                                                                                                                      Entropy (8bit):2.687166675494463
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:TiZYWBysWhARYMYEWuHHkYEZi+gtKi5IBk2wTSspaPlaMMH2IRcy3:2ZDBPLgKSoaPlaMMHxRcy3
                                                                                                                                                                                                                      MD5:97B9DFD0BD31AD241DDFBB71AA8DE4F6
                                                                                                                                                                                                                      SHA1:D7E29A8415E6335B505ECDAB6DE7BD7CAEDE8708
                                                                                                                                                                                                                      SHA-256:5F2933CC32A0C0EB06491F7263C3EEE4840DF9CB4E716B349B6E93B44B911324
                                                                                                                                                                                                                      SHA-512:9656704A0C4866B52D1296DABB80DBF3551313BF6B5DA9801E7DC1B5533D94579251282E069E5F8CD37D20BC836B1386F3036B32BB40FD269F07E7B7E4307594
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1128
                                                                                                                                                                                                                      Entropy (8bit):3.8674491215171938
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:V98uCS6lz9ObqsGMPZngIru9g+qxJtKID1Xd98mU5ql:V98u6TJBqng8uqLJtKqVd9/U5e
                                                                                                                                                                                                                      MD5:B494FC72957B33F42737EFBA99586F08
                                                                                                                                                                                                                      SHA1:6BD7113280BEFF83548A93CE34EB2C2F9CAF9663
                                                                                                                                                                                                                      SHA-256:AC7F0AF2F7D617F60F40FF06F7A43F4D0D7C82D60DACED53160DD31D31B3E640
                                                                                                                                                                                                                      SHA-512:B029040DB9299FE9EE8C03BB90B293B5701640B2A4974D518D1B5AA83CD95BF34FC9B8CA2901D0BD82626D227E16CB2F5DA1AF9631D190BBEF3CAA8D252681D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                      Entropy (8bit):2.894454882778696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:bUlW4HWssyYhNeK6Ag:bUlOfZ56Ag
                                                                                                                                                                                                                      MD5:87E6D18E11622EEFE3126B4D7F065D14
                                                                                                                                                                                                                      SHA1:98B188D71139E80BEA6E702B3B1AD9DDCB24420A
                                                                                                                                                                                                                      SHA-256:8147211F52D2821E7401F26FC1DDDBAA51D3D52E60BBA7B76D23030F57900CB1
                                                                                                                                                                                                                      SHA-512:97311E9CB30CCE417DCC4840DE050AFED9AFDFF0871AB8D1B9AD983D0EA26C4E4F9C4D97026B57CDF6766B594B876CE7BE00B60BAC28FCCAD31A9A0A74CB5A17
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:C.F.3.B.8.1.7.4.7.F.8.F.3.A.A.6.F.1.6.7.7.C.2.5.D.D.9.E.4.C.2.5.
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):72
                                                                                                                                                                                                                      Entropy (8bit):2.831286632575455
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:YldllkSCaMaOlnVC0Fit:YlnlpCaMbFHO
                                                                                                                                                                                                                      MD5:142DC481E342C0D8D931A98E4EA971A5
                                                                                                                                                                                                                      SHA1:53060F7F8BBDD8D32E16805D3C18205E5363FC93
                                                                                                                                                                                                                      SHA-256:5C17C0171735BEB784E5E14269802451BC0440C0C45726B17778BD1EA3CC890E
                                                                                                                                                                                                                      SHA-512:4FEC1E17C97F44FB2C1591F0DB8BB292B868D826AB3A9FE8C81E2AFFFBB1E2656A21E1299D36B33507686FA9140AD42790DE23D6F6AB338085198D2561F39B35
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2.7.8.e.e.6.3.6.-.a.a.a.8.-.4.5.e.3.-.8.1.8.0.-.a.9.d.5.d.8.e.b.0.4.d.8.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3025328
                                                                                                                                                                                                                      Entropy (8bit):6.402840215003268
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:yLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvf9:+wSi0b67zeCzt0+yO3kS3
                                                                                                                                                                                                                      MD5:49312C19FA9B298CA2AE71E14F07CCF3
                                                                                                                                                                                                                      SHA1:0150F9D27733BA2D0647DA03453E1B1B6535861D
                                                                                                                                                                                                                      SHA-256:74C20B61D428450E2C0B3974381684190D8BBD2AEF3D573C86A3A954598319A5
                                                                                                                                                                                                                      SHA-512:A1C4CBCA2974277C52B2689A43A6D13F88884E1E8BE3B42A1C23E615A226E8D7C0FDCA2591EE4E8C39F439CB0FF0BCE3898676C95D3ADDC8D7F0C5000B0EA092
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):53151
                                                                                                                                                                                                                      Entropy (8bit):7.982330941208071
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                                                      MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                                                      SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                                                      SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                                                      SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47501
                                                                                                                                                                                                                      Entropy (8bit):7.9807583617034075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                                                      MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                                                      SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                                                      SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                                                      SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6144
                                                                                                                                                                                                                      Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                      MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                      SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                      SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                      SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2444
                                                                                                                                                                                                                      Entropy (8bit):7.881258656866732
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:/Cw1dpDYxwCWOVhQJqdZq4Q3TGaTmdTBZB31HqucFOpZ:/Cw1fk+OVhQqdZvQ3TGBjlH/
                                                                                                                                                                                                                      MD5:8303E7651CBD01CC413B0026ED537E6F
                                                                                                                                                                                                                      SHA1:85542365101CB85656F018CA63C894C3C56F1C01
                                                                                                                                                                                                                      SHA-256:696782A8DA306783593128B669F9E2C709030FDE555BB2703244E81CE17A31AD
                                                                                                                                                                                                                      SHA-512:11A3D9EAF8413600AC2636A1B18DCDFBF8BAA05ED7DE60AF300BC34B709DECB78D87C51F3C35484FCE7A803F7370CA45C105C0FC3066A6D6BFE702F253C36228
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2298
                                                                                                                                                                                                                      Entropy (8bit):7.901998893489053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:KqqJYpZPlBqNTopskOg2btpLDCxGBVUQJCEVgvt4E5JUl2uW6:Kq6Y7t8GCPg2f9V/kJa2u
                                                                                                                                                                                                                      MD5:1BDB17B59DD0FC8360B30C5CE46762A0
                                                                                                                                                                                                                      SHA1:70CD6AD40F2BB14822FF1DCA766BCE6B02AAA8D8
                                                                                                                                                                                                                      SHA-256:49911E40F4E80C8342524034A6A96907703EF9EF4ABDB6175AD6F93824DF6CBE
                                                                                                                                                                                                                      SHA-512:2684FE9F5DF2AC2783B6413572715E4BCCBC771590686E75FCCC80733990E68FBE468E0FB0AF78B03DB4CCD6277028564CC8CCF91DB5E65122F06FF80F20432E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):125405
                                                                                                                                                                                                                      Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                      MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                      SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                      SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                      SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5627506
                                                                                                                                                                                                                      Entropy (8bit):7.999949928735462
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                                      MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                                      SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                                      SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                                      SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):527389
                                                                                                                                                                                                                      Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                      MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                      SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                      SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                      SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):53151
                                                                                                                                                                                                                      Entropy (8bit):7.982330941208071
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                                                      MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                                                      SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                                                      SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                                                      SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47501
                                                                                                                                                                                                                      Entropy (8bit):7.9807583617034075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                                                      MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                                                      SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                                                      SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                                                      SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):527389
                                                                                                                                                                                                                      Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                      MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                      SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                      SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                      SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):527389
                                                                                                                                                                                                                      Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                      MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                      SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                      SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                      SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22020096
                                                                                                                                                                                                                      Entropy (8bit):7.997743894476238
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:393216:PyviTGPqMd2s5jqwcJFOM75FbVgmaccebfTBRL7WIJDFX6ZeplPVGUy:aaAv5jq9O657x9+IJZ22PRy
                                                                                                                                                                                                                      MD5:F132CECE2FE0AD3239E188D3934FB36A
                                                                                                                                                                                                                      SHA1:8942337955E39A82AB7D9ECF4A618A478E86AC97
                                                                                                                                                                                                                      SHA-256:C0FD16FA0BB5E2D2EE23CF645A2D26026747C43269BE58B90A45DE4107E871AF
                                                                                                                                                                                                                      SHA-512:20C69C3C4216B459744CF6F11919E78F4EA5B46D90F7B7FA490B01F4947DDA23461EDE4851CDD4E6E99BD920AC6AB002C60F65A59A27D8C32F5B300F41935357
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1184128
                                                                                                                                                                                                                      Entropy (8bit):6.623147525519113
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                                                                      MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                                                                      SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                                                                      SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                                                                      SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):125405
                                                                                                                                                                                                                      Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                      MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                      SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                      SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                      SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):125405
                                                                                                                                                                                                                      Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                      MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                      SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                      SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                      SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):234936
                                                                                                                                                                                                                      Entropy (8bit):6.580764795165994
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:y2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh3K0Ko:y0KgGwHqwOOELha+sm2D2+UhngNdK4d
                                                                                                                                                                                                                      MD5:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                                      SHA1:6CA3FE45B3CCD41B25D02179B6529FAEDEF7884A
                                                                                                                                                                                                                      SHA-256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
                                                                                                                                                                                                                      SHA-512:2426E54F598E3A4A6D2242AB668CE593D8947F5DDB36ADED7356BE99134CBC2F37323E1D36DB95703A629EF712FAB65F1285D9F9433B1E1AF0123FD1773D0384
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5627506
                                                                                                                                                                                                                      Entropy (8bit):7.999949928735462
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                                      MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                                      SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                                      SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                                      SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5627506
                                                                                                                                                                                                                      Entropy (8bit):7.999949928735462
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                                      MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                                      SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                                      SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                                      SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5727368
                                                                                                                                                                                                                      Entropy (8bit):7.987929042344586
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:BiykuiGAGbjNHbd5lbDK4pdfAstezXYCvzV:BiyKGBZhKEmyezIUR
                                                                                                                                                                                                                      MD5:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                                                      SHA1:BBCEEF9812A3E09D8952E2FE493F156E613837B2
                                                                                                                                                                                                                      SHA-256:5AE1ACF84F0A59FA3F54284B066E90C8432071ACE514ACCB6303261D92C6A910
                                                                                                                                                                                                                      SHA-512:BA271257C0DBFBFD63685449A5FA5EA876B31C4F1898F85AA1BE807F1E31846D12F2162F715FC320FB014D31C15501EA71FE73B3C981E201BFA1A448FF54745C
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23891968
                                                                                                                                                                                                                      Entropy (8bit):7.236497962515903
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:393216:NKsbm0ApvEqrGtYHviInnmC0dGpZFE6ZFERnsW4j2SDXdfD5X3vcMiWqMDi49QLu:hqr8NInmCgltTSDX59RidMm4uu
                                                                                                                                                                                                                      MD5:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                                                                      SHA1:2913C78BCAAA6F4EE22B0977BE72333D2077191D
                                                                                                                                                                                                                      SHA-256:3CEC1E40E8116A35AAC6DF3DA0356864E5D14BC7687C502C7936EE9B7C1B9C58
                                                                                                                                                                                                                      SHA-512:88D90646F047F86ADF3D9FC5C04D97649B0E01BAC3C973B2477BB0E9A02E97F56665B7EDE1800B68EDD87115AED6559412C48A79942A8C2A656DFAE519E2C36F
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2060288
                                                                                                                                                                                                                      Entropy (8bit):6.6115241916592735
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:ewyBp/wFOX9xRo3HVCEd2ynjsfAXBpAK0A8BFuXJFotKLCs:eRDwIN3o3UEd2ynjsoRpAK58BFuXE
                                                                                                                                                                                                                      MD5:59D3C3A9180BA792AE2DAD18B6903CDE
                                                                                                                                                                                                                      SHA1:C8CD105D3A0E99A54D1D16F0D1F60000FA3DCA8A
                                                                                                                                                                                                                      SHA-256:DD01EDBD4368EF227693723C5E427A48B264CB57BBD07D81210D6E633E0B1B2E
                                                                                                                                                                                                                      SHA-512:D6B6358E5108654931FCB3B7920DF65C4AE65D48F9EA012C3F821BB571F821E815D86FEAB85CD55A8CE767F2F7342A512E55D03EE4041AC0BAF4FF13AD238699
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26848
                                                                                                                                                                                                                      Entropy (8bit):6.652871453473559
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:qflzhxZBcukmxQN2NMBMLh2ES+9DlJshjJy0swiEVAM+o/8E9VF0Ny29:8lvcu7x7uB2R9pih1y06EVAMxkE
                                                                                                                                                                                                                      MD5:39B6A146E9DAAE870A394530B5723E96
                                                                                                                                                                                                                      SHA1:2E62DBE3A1BD65BFA245E38021F8BAEB24EA3291
                                                                                                                                                                                                                      SHA-256:2A3C3830996953E592FDC67B1F4B4F3B4194F5CA28929E577297A72A58C84A84
                                                                                                                                                                                                                      SHA-512:5C27896FAC5B37A0856379323EDA80F52154F1335DA86A966E62E28366D613687C193B6A8E37DF9C6285B1AD8137D9F4F01A550D02E74A5C4847310FAB482354
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):126976
                                                                                                                                                                                                                      Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5242880
                                                                                                                                                                                                                      Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                      MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                      SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                      SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                      SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2160856
                                                                                                                                                                                                                      Entropy (8bit):6.779350356047654
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:SdpuUEAFwL9cgRCbajymTn920aBa7deTlfRXAF3bHQpobMAjY5kH:SdpucFwL9zymTn920aBa7deJfRgbHQu1
                                                                                                                                                                                                                      MD5:916F3D54B2714E4129A786CE128DBE0B
                                                                                                                                                                                                                      SHA1:B2914CADC19CD87F1FA005D9216F6AD437FE73AD
                                                                                                                                                                                                                      SHA-256:9B2FB069FAD6A9422808C1526328A1D6305573BE9EBCC3AEAB7A38664D02AC6D
                                                                                                                                                                                                                      SHA-512:8C05F71E55D6B5F1DD797DEE852183BDBD7D7EB8D36B760C5C7413BC79D5F2C8300C41AC3DEB76F2AA497D8C86434F04F3A7DD17EA65D0E44CA5FB8E59F62416
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):129760
                                                                                                                                                                                                                      Entropy (8bit):6.686100620416484
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:wACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazG+k:wACUTz1JlopG5K4OZgeC9
                                                                                                                                                                                                                      MD5:18198BAE7294424D3607F776F5EF7B0F
                                                                                                                                                                                                                      SHA1:5EBC82D4C91ED2736F98AED57EB8578F0F225C33
                                                                                                                                                                                                                      SHA-256:6078F5FDCC332F617773AAE89AC3DB0888A0360A32BB6D9431D716471D1C480F
                                                                                                                                                                                                                      SHA-512:507D625C0643165B12A2C0EA01765445AD632136DA0A40B14EC36B0E1794D3ECE43CE482B5E4C9281565AE3BF226C60FBA5A25C085430EC5F1D17B7563CAA4A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1910576
                                                                                                                                                                                                                      Entropy (8bit):7.58137479903026
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                                      MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                      SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                                      SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                                      SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):200416
                                                                                                                                                                                                                      Entropy (8bit):6.688698057656482
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):38112
                                                                                                                                                                                                                      Entropy (8bit):6.31022202046075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):130784
                                                                                                                                                                                                                      Entropy (8bit):6.313676957875236
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25816
                                                                                                                                                                                                                      Entropy (8bit):6.714415723163507
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):37600
                                                                                                                                                                                                                      Entropy (8bit):6.707926977853279
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26840
                                                                                                                                                                                                                      Entropy (8bit):6.837130188655359
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):763
                                                                                                                                                                                                                      Entropy (8bit):4.752692714428726
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"8a354b02f8ac40ae90d83b5b2650888f","search_provider":"yahoo.com","search_provider_google_client_id":"NULL","setting_enable_bankmode":1,"setting_force_default_win10":"1","setting_heartbeat_install":1,"setting_import_cookies":"1","setting_import_settings":"2","setting_install_background":"0","setting_launch_install":"1","setting_launch_logon":"1","setting_popular_shortcuts_v2":"0","setting_shortcut_desktop":"1","setting_shortcut_startmenu":"1","setting_shortcut_taskbar":"1","update_retries":2,"utc_date":"20241224","utc_timestamp":1735038373}
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6398680
                                                                                                                                                                                                                      Entropy (8bit):6.757721296323737
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:yTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwL9BlK5p:yTvkTLVTAudcoJheBnknfFrqNVMu
                                                                                                                                                                                                                      MD5:269EDAF14B5B99A0869A5480DEC9D9D2
                                                                                                                                                                                                                      SHA1:B9F8CE759CADA0874EA2181751E05899658E34BC
                                                                                                                                                                                                                      SHA-256:9752FAB0F93CF571407A4954ED46C0D5F5B1A858BEBD551231D2D21C707BEF70
                                                                                                                                                                                                                      SHA-512:682AE7AE6B4A03DC0EE447E35DA73EF0CFC488984047FD6551D89634382A10F18F84A84B9868484CF1586AEF35634C00F5D3CA083954954127DC59992C33E2DD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..............|~..............|......Rich............PE..L...3I.e...........!.........xa...............................................a.......a...@.......................................... ..8ta.........Hza..(..............T............................................................................rdata..............................@..@.rsrc...8ta.. ...va.................@..@....3I.e........_...T...T.......3I.e........................3I.e........T...........RSDS..i....E../'.K......D:\work\d58bb94b48143cdc\Contrib\build\out\x86\MinSizeRel\sciterui.pdb..............................T....rdata..T........rdata$zzzdbg.... ..P....rsrc$01....P!...ra..rsrc$02................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):95968
                                                                                                                                                                                                                      Entropy (8bit):6.540971049765208
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:uqNkPugFq0hRqcS+rYS0wreCmbsWmXKcdCbAKPz7VPxzxm:uqN0u8q0hRqhcelwXLyAKPz79W
                                                                                                                                                                                                                      MD5:5D1F1A9575A20E6273D3F1553378DA7C
                                                                                                                                                                                                                      SHA1:97E28C80F8C4DED7F91198B677A02491158F85EE
                                                                                                                                                                                                                      SHA-256:DD9B241E2F8CDC6C9A098AF68EC462850EBBC4391ED57967B37A4CCBC0100A27
                                                                                                                                                                                                                      SHA-512:14BD97CBD1328010E9D613EE1CEC13A9C7008F7C26739C5B054B77D6BF2A41FE8B73FD6D9438228DAE70632838AF898AF26B5A0A73A1387E8E4F5FB7A3CD8AC5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........f......................................................,.......,......,.......................................Rich............PE..L....d._...........!.................g...............................................c....@......................... >..|....?......................HN...(......`....6..T...........................(7..@...............t............................text............................... ..`.rdata...g.......h..................@..@.data....2...P.......0..............@....rsrc................8..............@..@.reloc..`............<..............@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):18749398
                                                                                                                                                                                                                      Entropy (8bit):5.540150296150122
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:196608:pP8TvkTLVTAudcoJheBnknfFrqNVMuEdpucFwL9z2a7deJfRc6cWljaF9IU+Js:zXBAudcoJ59rqNVMy2G6TS9I1J
                                                                                                                                                                                                                      MD5:78904B99D2C9AC6CA1B032CDEDED3816
                                                                                                                                                                                                                      SHA1:18E5A79B33D5A47536CFC21DE500949530B5A060
                                                                                                                                                                                                                      SHA-256:4043AF6E29B8C64380A471B6D4F74462421925DC3501FF26C1A629B3753B091C
                                                                                                                                                                                                                      SHA-512:0F35D1C96E672CEC9F8479F65616B061A07A52FC9333C4457CDE80EE67C133D871D38636EB7ED39931D6E6050A540767B74F957D0016220D213797EA92980BB6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):700
                                                                                                                                                                                                                      Entropy (8bit):4.727166525039482
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:YWLSHkawuhTpOPWJn9wuhzVuPWJe9zwuhkPWJECwuhD7PWJGwuhzPWGk+c94GniX:YWLSHk/DOJeQVuOJe9cnOJAs7OJ7oOGn
                                                                                                                                                                                                                      MD5:359CCE9C2DF62868BF4096E887993CB7
                                                                                                                                                                                                                      SHA1:F3683EE9E7ED5CFC3570D9AAF769EEF6F4FA3A95
                                                                                                                                                                                                                      SHA-256:FCD6CEBFE6E9D8BDDF1C4B09771D7D849F2FDC105F991337E45D6AA82F33B627
                                                                                                                                                                                                                      SHA-512:A5E99FA8AA18E6A7CEB7CFB0C99DC99B606567AD1DDC3BF5AB81D18502F513A9D96D264552F81508317778216B4A4360D87E96AFF302CC7F7FE1DF92C59A6737
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"Google","_isAppProvided":true,"_metaData":{}},{"id":"amazondotcom@search.mozilla.orgdefault","_name":"Amazon.com","_isAppProvided":true,"_metaData":{}},{"id":"wikipedia@search.mozilla.orgdefault","_name":"Wikipedia (en)","_isAppProvided":true,"_metaData":{}},{"id":"bing@search.mozilla.orgdefault","_name":"Bing","_isAppProvided":true,"_metaData":{}},{"id":"ddg@search.mozilla.orgdefault","_name":"DuckDuckGo","_isAppProvided":true,"_metaData":{}}],"metaData":{"useSavedOrder":false,"locale":"en-US","region":"default","channel":"release","experiment":"","distroID":"","appDefaultEngineId":"google@search.mozilla.orgdefault"}}
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22087663
                                                                                                                                                                                                                      Entropy (8bit):7.999939816360128
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:393216:OR08TuZmD7K8vvucXjcJzvjqxZbYNZ8UGE2uE4uQRYP2OPbUFPyv4:G08Qm/SzL0Zspeh41R4b25
                                                                                                                                                                                                                      MD5:895DB5D27F6610FA644146788232FF98
                                                                                                                                                                                                                      SHA1:D1F7E5E4236C246DC38CDB63500CA898EA6AD71F
                                                                                                                                                                                                                      SHA-256:DE27B7F6C472C16097F8519B89E557C07803F51B5D1EEB5F033DBC42504EFE55
                                                                                                                                                                                                                      SHA-512:EFFF93B9E9DF32122D51FD5562D7D74835597452D2AF983F61B3B7BAE72FFB11313AE434AC6C5FF6D2CB3B396BFBFB460C0F20BC7B5BFEC66732C7B8B1E7E5C0
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....Qg.........."......0....x................@..............................y.....%=....`.................................................PG..P.......p.x..p......H2y.......y.$....F...............................@..@...........pI...............................text............0.................. ..`.rdata.......@.......4..............@..@.data........`.......F..............@....pdata.......p.......H..............@..@.retplne.............L...................rsrc...p.x.......x..N..............@..@.reloc..$.....y......0y.............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):148
                                                                                                                                                                                                                      Entropy (8bit):4.956990546325947
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:wVXR5KBVYbUM6XOFdfXRky5sR5KBVYbwQD7WtdFGWKP8XnsKEx2PnjXOov:gB5n/6XOFdfmr5np7mdfbsKEQPnjXOy
                                                                                                                                                                                                                      MD5:FE179A07A7E117F1680F655E6DF765DA
                                                                                                                                                                                                                      SHA1:308A460802D78310C38CCC46B8D822ECA38A5F76
                                                                                                                                                                                                                      SHA-256:E44583C8E9E5DAB3988268EF463643894F5C04C246E28A255674BED1F52A2C74
                                                                                                                                                                                                                      SHA-512:258DA9D07DC0A83BC190451E72980CFA03427FE0FDCFD70206680B3F07960137ECFF1019B15D07C134C72E4EC6AC761BC32CF28CDF263CC6EC1F018BDE0CD82B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:(N) 2024-12-24T06:06:11 - qBittorrent v4.4.2 started..(N) 2024-12-24T06:06:11 - Using config directory: C:/Users/user/AppData/Roaming/qBittorrent..
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):372
                                                                                                                                                                                                                      Entropy (8bit):5.474168193946289
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/UUlcnApu9MK34QL:hYXc4xXgqmeNs3Mq8M0/TYL9LIQL
                                                                                                                                                                                                                      MD5:81F34AEAC3875A2FF1D9DC4E9E7B5548
                                                                                                                                                                                                                      SHA1:B9D893B1904D5A15CE7AEA9F2C4BA9BBEB18AE86
                                                                                                                                                                                                                      SHA-256:2999599AFF98E493CA4C6F2F83A5DBCE7FA722E6633849C66C924D7E939B089A
                                                                                                                                                                                                                      SHA-512:70B21D6E4EAB25DD7B16FC6B3B6FFBCCFFB39282E9E70C3356F0BEF7F3ED20247C8661C50A5FB99D597B1DEC9DBD5EC3F34F6D5B239F2CE98EDAA6ECD90975D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7B080202C6-0391-4360-89E1-C3B86776D125%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                      MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                      SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                      SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                      SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                      MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                      SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                      SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                      SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1629
                                                                                                                                                                                                                      Entropy (8bit):5.667666112275078
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:VrEV9KJnuEyYGoYD8SFoeUlqnmV9aXuqguEVltWJcXhV9oRXVM:JpGyw2er8MEPgFk
                                                                                                                                                                                                                      MD5:4BC9761F62A9F67FABEC3713FEE4CFD3
                                                                                                                                                                                                                      SHA1:29FF0E7A6C2E5037057733C1641E2C5D48CAAFB0
                                                                                                                                                                                                                      SHA-256:1E0EA670CB74C5065DCA0368CDD5C4039A342A13021B96D0630F4C4B45ECD258
                                                                                                                                                                                                                      SHA-512:1F232272676487B7B6CBE4A49F141BF6BEDEE0B16CAF150E0523872B6A57F5BDE496C6290C23E4F7D999BC5E1B6A6209A1E9D441D913C767CB2626FD650BEA27
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:...@IXOS.@.....@.0.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{717B7059-A988-492F-AF1B-DCF70BE809AB}-.02:\SOFTWARE\Norton\Browser\Update\MsiStubRun.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......SOFTWARE\Norton\Browser\Update...@....%...MsiStubRun..#0....RegisterProduct..Registering product..[1]......Please insert the disk: ..required.cab.@.....@......C:\Windows\Installer\6ff020.msi.........@....H...C:\Windows\Installer\6ff020.msi&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..&.{95
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                      Entropy (8bit):1.1713788867517478
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:JSbX72Fj2OAGiLIlHVRpIh/7777777777777777777777777vDHFiqjBER9JTrlN:JDQI5w0OB49YF
                                                                                                                                                                                                                      MD5:750A3B18DF24372565B5096046849397
                                                                                                                                                                                                                      SHA1:3E3FDC8DBDD4B9584FFAC42ABE7E71E8CCAB467A
                                                                                                                                                                                                                      SHA-256:3721B6CDB1733ABF8581A8557B2D3C2FCF42D6A7C642D2CBA790EF86044B4076
                                                                                                                                                                                                                      SHA-512:3EE37EF2C4AA087AC56D09247C74CF9C37D890E71F5737F0491343078F75150F876954B2D9A7B79F09895D9D01AA47B5C61F96D0939AB58B3B49188E839D8BD0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                      Entropy (8bit):1.453692185776558
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:p8PhNuRc06WX4UFT5TdaoYS7qdtCSIN8lgk:khN1kFTioYsk
                                                                                                                                                                                                                      MD5:2431DD85E2B5130915159F1A322B08BD
                                                                                                                                                                                                                      SHA1:1965F2A0E1BF4F33D6B5A950C3316AF6A0B03696
                                                                                                                                                                                                                      SHA-256:55F05CBCB5E767572913F1AE2516F3B1F413D7BC3A289FDC3123013999D4971A
                                                                                                                                                                                                                      SHA-512:B249D47538607DC175C56805C10D775C99057518B6C8C9DEB19FE3142CB48DB9CCA6C5E5C0AFBC2AFCF419F3C9D55F70CF76CA3433D24091426BF4DED0E362CD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):432221
                                                                                                                                                                                                                      Entropy (8bit):5.375165069771234
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauv:zTtbmkExhMJCIpEr2
                                                                                                                                                                                                                      MD5:083950E0BD0673418FE477B7D4E0A6B7
                                                                                                                                                                                                                      SHA1:47D055F4D672F121BB007F67955F93D2AA4CB9FD
                                                                                                                                                                                                                      SHA-256:C93DA5F635DCBF824049836EC83C044411A1099F7B2113DB446E1D157A488ED1
                                                                                                                                                                                                                      SHA-512:4E32F6715669F38BFFFBE282F0444CBFCDD6202181B9F612B03B35D0654C3FD9D6E97C07E7780DDDF127D94DAC7123C9985EFDDCA969FCC5AA42ED6EEF1BEE48
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5944648
                                                                                                                                                                                                                      Entropy (8bit):6.511430665598052
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                                                      MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                                                      SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                                                      SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                                                      SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):579
                                                                                                                                                                                                                      Entropy (8bit):5.420426163811309
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfzZMVxYnuiqdQulUUyrZaLk:rVAJI+dspq4NUksYr1uALqVxYnuVmUyT
                                                                                                                                                                                                                      MD5:173270F3089BF6034FC92088D6DCF89C
                                                                                                                                                                                                                      SHA1:AC76FCB0656F834B3885B904D7D56E03C540D19B
                                                                                                                                                                                                                      SHA-256:26CB6BEF15DFD9BE0ADA61AF5F78F3C9AF378E0DFCBA7AC82A9687268F59C2DD
                                                                                                                                                                                                                      SHA-512:A0D1A171DB7F230F68C9AE9FB4FFACD65C5FCACBFDE717497D06AAF8722CD19ACD395A34DE6B106766EE8AB259E9E38926E98CBC4B6AABE5A96944535D729FAF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[Signature]..Signature=ASWSig2A588B6BC0DE03C9E59882D00BDADE9E83F2814DB13B70BA18D1DDEB88B7E6B157468EC649853ABD1CB908465E40D29BA47D917D25A4AFDB2DA4ED2513FCFD5ABFASWSig2A
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3531080
                                                                                                                                                                                                                      Entropy (8bit):6.522879430230983
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                                                      MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                                                      SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                                                      SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                                                      SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8425288
                                                                                                                                                                                                                      Entropy (8bit):6.449288731687494
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                                                      MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                      SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                                                      SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                                                      SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):891720
                                                                                                                                                                                                                      Entropy (8bit):6.585338360673374
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:Doke10t8BAFF101+6zAdrZ6WhyBsrTDu+iGVTCCz/Yph0lhSMXlit+oc3q8+a/7:0TZU1A+6zCHC0bzmh0lhSMXldx3N/7
                                                                                                                                                                                                                      MD5:A3E668864285E04A02573E622C124942
                                                                                                                                                                                                                      SHA1:81498BDE4114F03F9AA5F6CA6097F9616689341C
                                                                                                                                                                                                                      SHA-256:689C118B8824D399F4A54875C30CD47AFAE467D96E571CF0DA47B775DA21231A
                                                                                                                                                                                                                      SHA-512:2DC8124D1F360B4B5708AA72203EBC6786E6A9CC34C8006895ECBB43E457ABEC5CF5967CD62D9D50E6406BFAB44DE699E968DF5178D82FDE98B75B399EB3AFC0
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........h..........|{....|{.x....:......................|{.....|.....q....e|.....qT.....|....e|....m|..........e|....|{.....|{.....................8......P.........Rich...........PE..d....BHg.........." ...&............................................................wd....`A................................................0................p...k..Hp...+.....................................(.......@............ ...............................text............................... ..`.rdata..j.... ......................@..@.data...........J..................@....pdata...k...p...l..................@..@_RDATA...............X..............@..@.rsrc................Z..............@..@.reloc...............`..............@..B........................................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 891720
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):330898
                                                                                                                                                                                                                      Entropy (8bit):7.999463671306361
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:6144:2Q4TuG9pskki5VyWURdHTW0NLFcUQMsnH41fWafmyYAywiWPt8VAi7h:2FXsiQRdz3NLPQMLsY6wi/VB7h
                                                                                                                                                                                                                      MD5:A93333D33435FC21F66C0EA7D0922EFF
                                                                                                                                                                                                                      SHA1:D3EC2C8028194993EF842A43ADDE39F56384AD93
                                                                                                                                                                                                                      SHA-256:AEE57B1F33AB198785BF833B178A13279A33FF13F49E6F9B7FC1A87E979ABEB7
                                                                                                                                                                                                                      SHA-512:1813E2B7FA9C11DD0F7474F891BD72A50E3703D9D313B71C779D68D39E227C6E7A2CC34D98629540956729A7D196D6ADC0C7D496A9BA4E7D954CB93B2D6E40D9
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):53048
                                                                                                                                                                                                                      Entropy (8bit):6.729924975001718
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                                                      MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                                                      SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                                                      SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                                                      SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):27149
                                                                                                                                                                                                                      Entropy (8bit):7.993255690221499
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                                                                      MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                                                                      SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                                                                      SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                                                                      SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):61140
                                                                                                                                                                                                                      Entropy (8bit):5.187838690583181
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:vOt4htupPgPSOKOlIZcqw4sZsTIuzTgo16euNJoz4kyCD6gI1JhJl7gPcT8XBS1M:OnOTERR2y
                                                                                                                                                                                                                      MD5:F1D7EE8246D37BA9CEEA6B583EFDBEA7
                                                                                                                                                                                                                      SHA1:502C10DBD72BDD74951216C3088F48804E2C5DD0
                                                                                                                                                                                                                      SHA-256:22482925246CCDAF3307A22ED9C6C868C0465AEB5CA34EFDF8216B0C0BA12689
                                                                                                                                                                                                                      SHA-512:A8B8DF664BC448812F403BF9558495BA0758225D1DDE7D8F7F14164EBCA00D43A0CAF8AEE8C156AC3E8053AE35A0C30CD51CE562C528BF3DA58F7762F579E1B5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" ?>.<product name="avg-av-vps">..<product-defs>...<config>....<install-folder name="AvVps"/>....<full-name name="AVG Antivirus Vps"/>...</config>..</product-defs>..<group-defs>...<group name="base" mandatory-selected="true">....<action-list op="install">.....<delete-pending-files/>.....<commit-extracted-files>......<important>true</important>.....</commit-extracted-files>.....<expand-vps-version order-base="commit-extracted-files" order="+1">......<important>true</important>.....</expand-vps-version>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg-av]%" exists="true"/>......</post-condition>......<src>%PRODUCT_INST%\*</src>......<dest>%PRODUCT_INST[avg-av]%\defs\%VPS_VERSION%</dest>......<ignore-same-files>true</ignore-same-files>......<move-type>Immediately</move-type>.....</copy-path>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 61140
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13438
                                                                                                                                                                                                                      Entropy (8bit):7.98795673823763
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:3CXwGzdYGagvKMXRBigCyhW4zDs4DomARveSXQlPy2Ep1Dk:3CDJvagSGRBigzW4ELmAJVuuDk
                                                                                                                                                                                                                      MD5:2BFFBFBEF4263C57E95AE71522822257
                                                                                                                                                                                                                      SHA1:A3F4C2B0AC1B6A2D655C9BDD50DC181C51B26D9B
                                                                                                                                                                                                                      SHA-256:062EBB12D4042915B22A9556C9F47E6AAC086533028B37254C1ABA2C6E96A5D0
                                                                                                                                                                                                                      SHA-512:2F68490086C1AE2511F02BB29C3610E1CF5EB2990C8A143710D5C89A6249AB70CFE6FFCA93D9090E2EC09FBF55954695A56BB52E24BCD9E885CC30B727555A24
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5931
                                                                                                                                                                                                                      Entropy (8bit):5.102330608267092
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:aVAkbva8i//A40x+mZXUz3rm62Gd/3sXnqQn12kVdeUPV8GK+k/Yo3M:a6Ova8i//p4+mZXUzbmxGd/cXnqEokVd
                                                                                                                                                                                                                      MD5:9238E0C90DCC5A9479FAE20F265A0856
                                                                                                                                                                                                                      SHA1:90629DFD4BB9633C4502F5952FFDB86F093A6E79
                                                                                                                                                                                                                      SHA-256:D0001D9442E49F860B42400EED3030FA54CC8CBF9FD9336F79DAE6851EA8C05B
                                                                                                                                                                                                                      SHA-512:B6BCD9D455DB1DA65A578BAC147AF81FC49C62408F01CC23AD7D26C0C215B001B4C117213392274376946D8CC73C083BD6D37D02E9C2D7CA2D065243D3EFB3FC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av-vps</name>..<version>24.12.2402.8785</version>..<build-time>1735036369</build-time>..<inner-version>24122402</inner-version>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1735036304</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1735036304</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<o
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5944648
                                                                                                                                                                                                                      Entropy (8bit):6.511430665598052
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                                                      MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                                                      SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                                                      SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                                                      SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21873
                                                                                                                                                                                                                      Entropy (8bit):5.690464339074782
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                                                                      MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                                                                      SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                                                                      SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                                                                      SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3531080
                                                                                                                                                                                                                      Entropy (8bit):6.522879430230983
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                                                      MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                                                      SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                                                      SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                                                      SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Jn:J
                                                                                                                                                                                                                      MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                                      SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                                      SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                                      SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:15
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8425288
                                                                                                                                                                                                                      Entropy (8bit):6.449288731687494
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                                                      MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                      SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                                                      SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                                                      SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7074632
                                                                                                                                                                                                                      Entropy (8bit):6.486902090088866
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:+zdxWpixBidNhPpfUwr593W+QZMSF78Oaxz4yG6JyZf:+zdxWpixBiDht93W+QZMSF78OYz4pZf
                                                                                                                                                                                                                      MD5:D86C3547360DB15C094E32FAAB54AE3A
                                                                                                                                                                                                                      SHA1:E197C16BE3F3AB8B2C9C5C4621984F2F9B28BA0C
                                                                                                                                                                                                                      SHA-256:9BBDC59F38BFA64EF3305AC3B0B8B2D89522DCD4F59363A5324A4089730157E8
                                                                                                                                                                                                                      SHA-512:03FD7FE09F13C052A289847CA4F9F2EF78AEAF03E431DABA617E7E4CBC5FA6813F96D19CA007196A961B3C5C822BF63C6D398C3B72A192F412345726F156071B
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 7074632
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2087067
                                                                                                                                                                                                                      Entropy (8bit):7.99990334673335
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:49152:/yf+BFH+dEXmVEL20MtW17aRT761Cv1zyOnIzzAkIqbu:/2+3HyEXmT0MteiW1CtWzUfiu
                                                                                                                                                                                                                      MD5:F22487BDE9ED1A7EDB44AC7BE68AC791
                                                                                                                                                                                                                      SHA1:FC8CD1F1769425149D36A93F3761F1454C9D2BE1
                                                                                                                                                                                                                      SHA-256:EB59F36A27FF71FD3BC7E59AFDB09A07C08616280927A408F01DBAF0F4AE5974
                                                                                                                                                                                                                      SHA-512:C8B4E9721C0E370A367E4AC236A9BC6FEF17289ADE0D731D1544B2E47CA32860C7362C8715FEC8723960563CB7F023B8ECF2064A26804EAA923E99EAAD0CC6E9
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):53048
                                                                                                                                                                                                                      Entropy (8bit):6.729924975001718
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                                                      MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                                                      SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                                                      SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                                                      SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):27149
                                                                                                                                                                                                                      Entropy (8bit):7.993255690221499
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                                                                      MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                                                                      SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                                                                      SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                                                                      SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12384584
                                                                                                                                                                                                                      Entropy (8bit):6.57357572805349
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                                                                      MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                                                                      SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                                                                      SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                                                                      SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1328262
                                                                                                                                                                                                                      Entropy (8bit):5.392938987790726
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                                                                      MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                                                                      SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                                                                      SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                                                                      SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):388896
                                                                                                                                                                                                                      Entropy (8bit):7.999454561919189
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                                                                      MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                                                                      SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                                                                      SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                                                                      SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 388896
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):394365
                                                                                                                                                                                                                      Entropy (8bit):7.999498861385828
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:12288:MiHsN+DsMAGeruomEfcoPUYeI7NgJGR54rB:MrNcsMAGerDThdewBRKrB
                                                                                                                                                                                                                      MD5:4B1DD5C2123216AF96B86F6E43BBF980
                                                                                                                                                                                                                      SHA1:ABD916E383301C5EF4EA48898E349096CA4846B8
                                                                                                                                                                                                                      SHA-256:0D1E33CAC8D5A14FF8E9B55A58EAE20B6E795E5A3B96DB0B829E8801D6E7C7B2
                                                                                                                                                                                                                      SHA-512:75DA0D36297D96C6D7BD34F40D9597D729674C96346715B2078CF425AF19F44D02E82845BC2D36A5A1F3B438522AC884C125A453F9062DEDAFB665ABEAB65E2F
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 3531080
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1024725
                                                                                                                                                                                                                      Entropy (8bit):7.999821315855513
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:24576:64ZDqa6E/JvqxKImmDBN+HAZLfT7O2iZvHF04PwUjsptlB:645N/QTN+X3ZK4Pw1Hb
                                                                                                                                                                                                                      MD5:B30B0361A61E22319E031BE300E0A058
                                                                                                                                                                                                                      SHA1:825B4E782C05019352F9C54AFF6855503D4732CD
                                                                                                                                                                                                                      SHA-256:B585CF3A5B8F95A32268E7CCA1CD7F5A743A1EC6A715D6151CA5DC3693F002A2
                                                                                                                                                                                                                      SHA-512:C70EBFDBE505422CE5AD4D47971C80A9E8CC908D22B2BC7F15A55CDD5CD276E2DBA8FACE0C710DF31CB6B406BE13692FF24F8201A967723B3326A94667DA6FD0
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 5944648
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1827555
                                                                                                                                                                                                                      Entropy (8bit):7.999904141247566
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:49152:ODI7vzOJ4LkpEKNUBibEk9BxxQAUrV2Dvxr:ODIT/KEqzVpDvxr
                                                                                                                                                                                                                      MD5:84952697EEF607B32BC64CFBFFADC30E
                                                                                                                                                                                                                      SHA1:285F44353ADBF679AE88C63C9191976E05FA4320
                                                                                                                                                                                                                      SHA-256:B2821850BA09E884C2B058094EDF84EE7D72C2988CD575AA2D986CBEFA6579F9
                                                                                                                                                                                                                      SHA-512:57BD96CAB4844346B0E05ED3AC4CEE291C814D41AA4A1B86B05CFAC3CAA5501476871E49425363C633BCABDBF635A3072304FF9B9BEAC73EA3628BDEEFC9FBF9
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 15688
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9881
                                                                                                                                                                                                                      Entropy (8bit):7.982144056447914
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:va5QFe5kFCIgy2UX/GWISJ+ut3gXwU4Vp6RUxWKr9w5mqKokS6mNL6fb:vay6kFxaUXOBINQAbgRUx79w5xKok/uY
                                                                                                                                                                                                                      MD5:AE04DC0902D3306BE8A16E9C824EC526
                                                                                                                                                                                                                      SHA1:29977902A92BFD75234E8ACA64BC57A627FBC782
                                                                                                                                                                                                                      SHA-256:D5ACF32560137A3AFEE4E10CBE3A5630D75A8DF139922824FF78F9FA713B6D93
                                                                                                                                                                                                                      SHA-512:8D448254F8F9A9161782100FAE1D1F062C9BFE04555D4B30AC5457DB02A5D8A7C513BBBE013ADB1D9F386CD0F58A3607CEF864DE9A68FDDC22348453BF634B13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 8425288
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2532654
                                                                                                                                                                                                                      Entropy (8bit):7.99992603160213
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:49152:/WjjaTN6PDXOHqdjB0i8qpmWqeiYdYvSWatmEzB1h796GBXjc:esyaHWjei8qiYO2IEt7kGdc
                                                                                                                                                                                                                      MD5:4F97115E493AFF57C86AE0343D4706EC
                                                                                                                                                                                                                      SHA1:15CE45B25B64B3958BE2C9ADCCA5A91D25A554C7
                                                                                                                                                                                                                      SHA-256:A184C4878F3D33C3B9ACF78931A846C5D45430E245639008803AF803DB02AF6A
                                                                                                                                                                                                                      SHA-512:F5C87720A5341EE9C53E8E6E894A4AFFE8244B663367107CCBFA0E9B48356BD12C775E0D11F06C1A2000FDC8A7523B95295760360CACD21E528E1C18C70D9BDD
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 12384584
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4013693
                                                                                                                                                                                                                      Entropy (8bit):7.999951248371016
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:98304:8C7VaUF0yi3wH4mmiTOA1RKldIwQSv9bM3QC:H7VaI0Z3o4QqDzoz
                                                                                                                                                                                                                      MD5:1751FFBAA0682BA752E1EBEA6B6259E3
                                                                                                                                                                                                                      SHA1:01A52320D884B13A6A92DD476A8837C25F551EFB
                                                                                                                                                                                                                      SHA-256:E91471DCAA978E828AF58403F63859F6459837C2E7E6BFB24BB6846643E743E9
                                                                                                                                                                                                                      SHA-512:504302B962AA99FF55B0326D2F29787EED6BD2C586CDCB733F03F2E67EEAAEA0CB56847E3779B8027F4CADA9C945D4E48E5DC8DDEEEE2FBE029D9E0F8CEC1592
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5944648
                                                                                                                                                                                                                      Entropy (8bit):6.511430665598052
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                                                      MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                                                      SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                                                      SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                                                      SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3531080
                                                                                                                                                                                                                      Entropy (8bit):6.522879430230983
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                                                      MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                                                      SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                                                      SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                                                      SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:LZMA compressed data, non-streamed, size 1328262
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):143779
                                                                                                                                                                                                                      Entropy (8bit):7.998660051027999
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:3072:woHPYBqeVZAlvBiyK2Cu1ii3ZwA/MifImzB1A4iQrkM:5MqebWBeu1fZwApTztiY
                                                                                                                                                                                                                      MD5:4A31CDEC2EA9DEE0568BEF89D914FA14
                                                                                                                                                                                                                      SHA1:8E4983BBCB0A8D48186BE29E4758849ABF23D661
                                                                                                                                                                                                                      SHA-256:FC8868B60CA6E192DDF9A06CDE31D1D7FF9A19425F8F424CAA627D376C876B06
                                                                                                                                                                                                                      SHA-512:B31A387E051E85DDD7A68B2D72FB59844D220549C000DBBE9DA0AA03978C062501D5BDD95FFFECCBB3D7FD5CC3E24C121652DAA638B8789F76DE1A24EB60174D
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8425288
                                                                                                                                                                                                                      Entropy (8bit):6.449288731687494
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                                                      MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                      SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                                                      SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                                                      SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15688
                                                                                                                                                                                                                      Entropy (8bit):6.958791234525559
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:wORgChIIIYiifE/Pw1/wfT3ir2WSx7bL4cv:ruRYiisPv3iPmbLH
                                                                                                                                                                                                                      MD5:F91371D99394307A7AF600577ED787F3
                                                                                                                                                                                                                      SHA1:D7488B8E6E302CDDA9B49EC7CB927D02A38254C2
                                                                                                                                                                                                                      SHA-256:48C1D01F6234E7C129B31A0C2388DE0F102F718721FEDF18EDBE19971D4222F5
                                                                                                                                                                                                                      SHA-512:F43CE12312A6A2BBEBA57A917DAF28CEE2C36DFE5C9529BB6C89B3390ED3902995F69ED3EBFA8903FD96A093D8DA8251204739A50576DFCE695010833C92C48D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12384584
                                                                                                                                                                                                                      Entropy (8bit):6.57357572805349
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                                                                      MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                                                                      SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                                                                      SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                                                                      SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1328262
                                                                                                                                                                                                                      Entropy (8bit):5.392938987790726
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                                                                      MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                                                                      SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                                                                      SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                                                                      SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9546
                                                                                                                                                                                                                      Entropy (8bit):5.274796830995219
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                                                                      MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                                                                      SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                                                                      SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                                                                      SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):388896
                                                                                                                                                                                                                      Entropy (8bit):7.999454561919189
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                                                                      MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                                                                      SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                                                                      SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                                                                      SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21
                                                                                                                                                                                                                      Entropy (8bit):3.422577995321604
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                                      MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                                      SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                                      SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                                      SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:mmm_irs_ppi_902_451_o
                                                                                                                                                                                                                      Process:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2044
                                                                                                                                                                                                                      Entropy (8bit):5.404054899324111
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:cEYp3dGUS42A+FMyTmc8FcX/AaTbVRKp2lEklM:0NrWA+FtiNcX/AkbVS2FlM
                                                                                                                                                                                                                      MD5:9475D6C541FE13EE78A84402F8A31C92
                                                                                                                                                                                                                      SHA1:A6A44055356F8667D4E426D9547D4AA3DEE9BFC2
                                                                                                                                                                                                                      SHA-256:2D577CDA392DFD64A29F38D45A7CBF0C987590D76444BA9E0B04207B78C4C36B
                                                                                                                                                                                                                      SHA-512:D0A0F651269975AD2B45C5DCCA64893F511628B7F3DD549BCF3277F9E17B761B99CB8C2E7F2E329F6FBB9E8C76013BFA26603BE087D7517DB78EBD62FBF4274E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>.<icarus-info xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">..<file-mapping-sfx>...<handle>274</handle>...<size>1691384</size>..</file-mapping-sfx>..<file-list>...<file>....<alias>sfx-info.xml</alias>....<sha-256>e3ec3a7d2fad564b9481017e1adbe5057a2a0cf8a48f339433e56443adcfb14f</sha-256>....<offset>1670726</offset>....<size>803</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/edition.edat</alias>....<sha-256>e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb</sha-256>....<offset>1671606</offset>....<size>2</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/config.def.edat</alias>....<sha-256>267481c5c3ff66ec6dda02134b1216d85c12470555581f92b423a29c91db547a</sha-256>....<offset>1671688</offset>....<size>8555</size>....<timestamp>1734522278</timestamp>....<flags>1</flags>...</file>..</file-list>..<sfx-dir>C:\Windows\Temp\asw.d8c2b19f
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1691384
                                                                                                                                                                                                                      Entropy (8bit):6.7745330741667
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:dfoyR/GATYvXlTwDljYotFh8OQgxqIFlrhUcPlCbh0lhSMXli8zlo4e4zWKM7:dfJpGATYvXAxFPKIF3TPlCqZ5e4aK
                                                                                                                                                                                                                      MD5:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                                                                      SHA1:D3975382239D916AED32AFE37A32623781450759
                                                                                                                                                                                                                      SHA-256:A599608AA42D0E334E6001CC9B90C0A0672F506B9459246F4A7B53D4AC5D2410
                                                                                                                                                                                                                      SHA-512:96653F518EB6B8AFFBCA0A1DBA61A8D1E5BD49FAD12AE11D605550B35A50814FC81BEF9A383C0659723D8421C71DF90B64E6CB238A60659A2DF85CA5DB28119D
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21
                                                                                                                                                                                                                      Entropy (8bit):3.422577995321604
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                                      MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                                      SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                                      SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                                      SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:mmm_irs_ppi_902_451_o
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):1.171813536999398
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:hW1unZO+xFX4JT5ydaoYS7qdtCSIN8lgk:M1KKTLoYsk
                                                                                                                                                                                                                      MD5:D281C91324C0B4D9F94104D373F06062
                                                                                                                                                                                                                      SHA1:F377C1D17D980E86D7FA7FDCB0E22D9F70A403F0
                                                                                                                                                                                                                      SHA-256:C8715BFE363C09823B14B849BC9A6649997C50F66ADEA510C12542117D983B1B
                                                                                                                                                                                                                      SHA-512:AC063B430F144A09C4C2B1CF3B97D6058CD7C8B417D386DC9AB5E5A96B185A27FE8E854F1A3D61B7D07FA01178DB75A17571672CE6B9FCE178BE45348CB202B8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):69632
                                                                                                                                                                                                                      Entropy (8bit):0.0992713312557087
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:NkQpN8l5ipVvipVJVgd85apGoZkAvJ+md85mg:Nk0N8l5S9S7qdtDRJd
                                                                                                                                                                                                                      MD5:6290064381A906CF7487D3B1EE8D57B6
                                                                                                                                                                                                                      SHA1:958BBD4BC52C249DF29D3969538EB98567B8036C
                                                                                                                                                                                                                      SHA-256:97BF72A318C71402F02A85309926C5EDF2AB99E1A293761E8F6E3009B0A30A79
                                                                                                                                                                                                                      SHA-512:B549D8D618A3C46FB8BD5D52BD7C8222384014785CEC56AC31888C4D48B7DDCF53C9644A1608EBC88A7A1860A5F96034E684B383C65B4303A14647BC6AAFCDF1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):1.171813536999398
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:hW1unZO+xFX4JT5ydaoYS7qdtCSIN8lgk:M1KKTLoYsk
                                                                                                                                                                                                                      MD5:D281C91324C0B4D9F94104D373F06062
                                                                                                                                                                                                                      SHA1:F377C1D17D980E86D7FA7FDCB0E22D9F70A403F0
                                                                                                                                                                                                                      SHA-256:C8715BFE363C09823B14B849BC9A6649997C50F66ADEA510C12542117D983B1B
                                                                                                                                                                                                                      SHA-512:AC063B430F144A09C4C2B1CF3B97D6058CD7C8B417D386DC9AB5E5A96B185A27FE8E854F1A3D61B7D07FA01178DB75A17571672CE6B9FCE178BE45348CB202B8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):0.07728575714935673
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOpIWzraCtjBER9J1iVky6l51:2F0i8n0itFzDHFiqjBER9JTr
                                                                                                                                                                                                                      MD5:87FC8CE0A19F2A7AE5AB2EDCB62F907D
                                                                                                                                                                                                                      SHA1:B370BCD4C62ADFEB1F140C1524ECEA12B310707C
                                                                                                                                                                                                                      SHA-256:AB970EEF0513B00293AAD24A43E25E9101B5220FB59291752E63E2841A35E9EA
                                                                                                                                                                                                                      SHA-512:CEA19F21C4393A92BED63D2E3ADDF97C7C0932F4844935F1F0DA5F337D8EC206138C0D01D0002ADDEB4282981C58221640163AF724FF9231B3E9F1B48B23E3EE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):1.171813536999398
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:hW1unZO+xFX4JT5ydaoYS7qdtCSIN8lgk:M1KKTLoYsk
                                                                                                                                                                                                                      MD5:D281C91324C0B4D9F94104D373F06062
                                                                                                                                                                                                                      SHA1:F377C1D17D980E86D7FA7FDCB0E22D9F70A403F0
                                                                                                                                                                                                                      SHA-256:C8715BFE363C09823B14B849BC9A6649997C50F66ADEA510C12542117D983B1B
                                                                                                                                                                                                                      SHA-512:AC063B430F144A09C4C2B1CF3B97D6058CD7C8B417D386DC9AB5E5A96B185A27FE8E854F1A3D61B7D07FA01178DB75A17571672CE6B9FCE178BE45348CB202B8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                      Entropy (8bit):1.453692185776558
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:p8PhNuRc06WX4UFT5TdaoYS7qdtCSIN8lgk:khN1kFTioYsk
                                                                                                                                                                                                                      MD5:2431DD85E2B5130915159F1A322B08BD
                                                                                                                                                                                                                      SHA1:1965F2A0E1BF4F33D6B5A950C3316AF6A0B03696
                                                                                                                                                                                                                      SHA-256:55F05CBCB5E767572913F1AE2516F3B1F413D7BC3A289FDC3123013999D4971A
                                                                                                                                                                                                                      SHA-512:B249D47538607DC175C56805C10D775C99057518B6C8C9DEB19FE3142CB48DB9CCA6C5E5C0AFBC2AFCF419F3C9D55F70CF76CA3433D24091426BF4DED0E362CD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                      Entropy (8bit):1.453692185776558
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:p8PhNuRc06WX4UFT5TdaoYS7qdtCSIN8lgk:khN1kFTioYsk
                                                                                                                                                                                                                      MD5:2431DD85E2B5130915159F1A322B08BD
                                                                                                                                                                                                                      SHA1:1965F2A0E1BF4F33D6B5A950C3316AF6A0B03696
                                                                                                                                                                                                                      SHA-256:55F05CBCB5E767572913F1AE2516F3B1F413D7BC3A289FDC3123013999D4971A
                                                                                                                                                                                                                      SHA-512:B249D47538607DC175C56805C10D775C99057518B6C8C9DEB19FE3142CB48DB9CCA6C5E5C0AFBC2AFCF419F3C9D55F70CF76CA3433D24091426BF4DED0E362CD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                      Entropy (8bit):4.463156676807175
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:dIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:OXD94+WlLZMM6YFHg+n
                                                                                                                                                                                                                      MD5:0880AC761D2B5AD2A9DD71AD7FE7E5F4
                                                                                                                                                                                                                      SHA1:FC5317EF776382785C747F3E28CEC4FD1223E84A
                                                                                                                                                                                                                      SHA-256:99078D47CE6B1F31F905096ADD65F4BBC3FA842248C1F27EE4C10C934CE9E583
                                                                                                                                                                                                                      SHA-512:7F52FAB08B8FC692431E8F65F007A091AD33A255B22975B58D29AFE3463C048BF16978381096ABEBDA5AEE78908BCF5B8288377CC2338A4EACD143D45E219010
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm>XF..U..............................................................................................................................................................................................................................................................................................................................................kgP.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):148
                                                                                                                                                                                                                      Entropy (8bit):4.893113649611359
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:SKpJOLz3WF+RUepJVcFLzBVZEIIt+kiE2J5xAIzIvk4AIVKwsHeL4AcXOFuun:wL73CepJK3jZhIwkn23fzI4HeLNcXOF9
                                                                                                                                                                                                                      MD5:76960411942DF013A1BCFBB0BCF231B8
                                                                                                                                                                                                                      SHA1:05C4A2B56390D0FA9D132BF9EBCB9E06CE6B6175
                                                                                                                                                                                                                      SHA-256:EE0B277E1954E9D1361A84FCB688CAEF8C3B11F9BC970BE7090D80AAB9423D4A
                                                                                                                                                                                                                      SHA-512:4CD63C6F1BA0C02624B653659B5A109489A159BB12EA834537C0BA55EBABBBFE1388E3D582203239DEF00BCABFF7D0FC1609AC708C3F4143E26E7525E2EEC7AF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The following command was not found: firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe qBittorrent ENABLE...
                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Entropy (8bit):7.984930854477816
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                      • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                      • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                      • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                      File name:Canvas of Kings_N6xC-S2.exe
                                                                                                                                                                                                                      File size:14'472'984 bytes
                                                                                                                                                                                                                      MD5:af45bc08a07f1ba16abe59f29072ebcc
                                                                                                                                                                                                                      SHA1:66edea40ba7b38a45bd856e6889bba12384c458f
                                                                                                                                                                                                                      SHA256:e555c06879ed4eda6277e1fa8a4985590e70d8fa81421103048803e386daaf28
                                                                                                                                                                                                                      SHA512:a4c63d95b2ce3ed6590617e18f18d78a530deb7958fcb4e1ed1b9ab415c4c370e907d2eccc63becb7f2d7dcb7b603125809008d38f450f3462d9b8d61b7f1d97
                                                                                                                                                                                                                      SSDEEP:393216:bBBTeN30LpEiSCC9XSpIFwah3RuINhkUOgs:dtwkLps9Xhrhhuahk5D
                                                                                                                                                                                                                      TLSH:DFE6233FB2A8A13FD5AE0B3149B39350593BB665795A8C1E07F0480DDF6A0611F3B726
                                                                                                                                                                                                                      File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                      Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                      Entrypoint:0x4b5eec
                                                                                                                                                                                                                      Entrypoint Section:.itext
                                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                                                                      Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                                                                                                                      Signature Valid:true
                                                                                                                                                                                                                      Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                      Error Number:0
Not Before:24/03/2024 20:00:00
Not After:25/03/2025 19:59:59
                                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                                      • CN=MECHA MANGA - FZCO, O=MECHA MANGA - FZCO, S=Dubai, C=AE
                                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                                      Thumbprint MD5:1A2E39E8F90F5FF6D22AD9098F5518F1
                                                                                                                                                                                                                      Thumbprint SHA-1:1F3CCE31883C9EF47711A1EE96294E479CE69CFB
                                                                                                                                                                                                                      Thumbprint SHA-256:42B420F3B7BB52249C84BFDABF29C9D4B5978803163B451821B2501ACB042115
                                                                                                                                                                                                                      Serial:3B1955CFEAA2C9C392292E00287D4A6C
                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                      add esp, FFFFFFA4h
                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                      mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                      mov eax, 004B10F0h
                                                                                                                                                                                                                      call 00007F456CDFF4F5h
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      push 004B65E2h
                                                                                                                                                                                                                      push dword ptr fs:[eax]
                                                                                                                                                                                                                      mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                      xor edx, edx
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      push 004B659Eh
                                                                                                                                                                                                                      push dword ptr fs:[edx]
                                                                                                                                                                                                                      mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                      mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                      call 00007F456CEA1C1Fh
                                                                                                                                                                                                                      call 00007F456CEA1772h
                                                                                                                                                                                                                      lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      call 00007F456CE14F68h
                                                                                                                                                                                                                      mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                      mov eax, 004C1D84h
                                                                                                                                                                                                                      call 00007F456CDFA0E7h
                                                                                                                                                                                                                      push 00000002h
                                                                                                                                                                                                                      push 00000000h
                                                                                                                                                                                                                      push 00000001h
                                                                                                                                                                                                                      mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                      mov dl, 01h
                                                                                                                                                                                                                      mov eax, dword ptr [004237A4h]
                                                                                                                                                                                                                      call 00007F456CE15FCFh
                                                                                                                                                                                                                      mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                      xor edx, edx
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      push 004B654Ah
                                                                                                                                                                                                                      push dword ptr fs:[edx]
                                                                                                                                                                                                                      mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                      call 00007F456CEA1CA7h
                                                                                                                                                                                                                      mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                      mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                      cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                      jne 00007F456CEA828Ah
                                                                                                                                                                                                                      mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                      mov edx, 00000028h
                                                                                                                                                                                                                      call 00007F456CE168C4h
                                                                                                                                                                                                                      mov edx, dword ptr [004C1D90h]

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x47a0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xdcab68 | 0x2bb0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xb361c | 0xb3800 | ad6e46e3a3acdb533eb6a077f6d065af | False | 0.3448639341051532 | data | 6.356058204328091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0xb5000 | 0x1688 | 0x1800 | d40fc822339d01f2abcc5493ac101c94 | False | 0.544921875 | data | 5.972750055221053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0xb7000 | 0x37a4 | 0x3800 | 4c195d5591f6d61265df08a3733de3a2 | False | 0.36097935267857145 | data | 5.044400562007734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xc2000 | 0xf36 | 0x1000 | a73d686f1e8b9bb06ec767721135e397 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didata | 0xc3000 | 0x1a4 | 0x200 | 41b8ce23dd243d14beebc71771885c89 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .edata | 0xc4000 | 0x9a | 0x200 | 37c1a5c63717831863e018c0f51dabb7 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc7000 | 0x47a0 | 0x4800 | 59843b0fd96c127dae7f50c49fbe3322 | False | 0.3183051215277778 | data | 4.520056630364859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xc74f8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548 |
| RT_ICON | 0xc77e0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5912162162162162 |
| RT_ICON | 0xc7908 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516 |
| RT_ICON | 0xc81b0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179 |
| RT_ICON | 0xc8718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5912162162162162 |
| RT_STRING | 0xc8840 | 0x360 | data | | | 0.34375 |
| RT_STRING | 0xc8ba0 | 0x260 | data | | | 0.3256578947368421 |
| RT_STRING | 0xc8e00 | 0x45c | data | | | 0.4068100358422939 |
| RT_STRING | 0xc925c | 0x40c | data | | | 0.3754826254826255 |
| RT_STRING | 0xc9668 | 0x2d4 | data | | | 0.39226519337016574 |
| RT_STRING | 0xc993c | 0xb8 | data | | | 0.6467391304347826 |
| RT_STRING | 0xc99f4 | 0x9c | data | | | 0.6410256410256411 |
| RT_STRING | 0xc9a90 | 0x374 | data | | | 0.4230769230769231 |
| RT_STRING | 0xc9e04 | 0x398 | data | | | 0.3358695652173913 |
| RT_STRING | 0xca19c | 0x368 | data | | | 0.3795871559633027 |
| RT_STRING | 0xca504 | 0x2a4 | data | | | 0.4275147928994083 |
| RT_RCDATA | 0xca7a8 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0xca7b8 | 0x2c4 | data | | | 0.6384180790960452 |
| RT_RCDATA | 0xcaa7c | 0x2c | data | | | 1.2045454545454546 |
| RT_GROUP_ICON | 0xcaaa8 | 0x4c | data | English | United States | 0.75 |
| RT_VERSION | 0xcaaf4 | 0x584 | data | English | United States | 0.28257790368271957 |
| RT_MANIFEST | 0xcb078 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4005464480874317 |

| DLL | Import |
|---|---|
| kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
| comctl32.dll | InitCommonControls |
| version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
| user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
| oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
| netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
| advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |

| Name | Ordinal | Address |
|---|---|---|
| TMethodImplementationIntercept | 3 | 0x454060 |
| __dbk_fcall_wrapper | 2 | 0x40d0a0 |
| dbkFCallWrapperAddr | 1 | 0x4be63c |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-24T12:05:07.412675+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:10.931298+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:13.316916+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:15.044082+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:17.934719+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:20.603691+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:37.502033+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:41.070960+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:05:43.974596+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:06:02.333608+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49755 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:06:03.135653+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49756 | 44.228.210.164 | 443 | TCP |
| 2024-12-24T12:06:05.321072+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49762 | 65.9.108.223 | 443 | TCP |
| 2024-12-24T12:06:05.668153+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49763 | 44.228.210.164 | 443 | TCP |
| 2024-12-24T12:06:08.293482+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49772 | 65.9.108.105 | 443 | TCP |
| 2024-12-24T12:06:10.938967+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49783 | 34.117.223.223 | 443 | TCP |
| 2024-12-24T12:06:12.737133+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49786 | 44.228.210.164 | 443 | TCP |
| 2024-12-24T12:06:12.767531+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49792 | 34.117.223.223 | 443 | TCP |
| 2024-12-24T12:06:13.851146+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49794 | 65.9.108.105 | 443 | TCP |
| 2024-12-24T12:06:28.531857+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49846 | 104.20.86.8 | 443 | TCP |
| 2024-12-24T12:06:28.967250+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49845 | 44.228.210.164 | 443 | TCP |
| 2024-12-24T12:06:48.949653+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49907 | 34.117.223.223 | 443 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.941778898 CET49733443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.941823006 CET4434973365.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.942039967 CET4434973365.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.943728924 CET49733443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.943756104 CET4434973365.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.943767071 CET49733443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:08.943773031 CET4434973365.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:09.263156891 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:09.263251066 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:09.263556004 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:09.263976097 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:09.264029026 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.931197882 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.931298018 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.932864904 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.932888985 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.933233023 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.934428930 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.934428930 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:10.934473038 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.927805901 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.928020954 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.928092003 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.928313971 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.928358078 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.928388119 CET49734443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.928402901 CET4434973465.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.991692066 CET49735443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.991745949 CET4434973565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.991836071 CET49735443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.992136955 CET49735443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:11.992149115 CET4434973565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:13.316915989 CET49735443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:13.367042065 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:13.367095947 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:13.367168903 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:13.367626905 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:13.367640018 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.043992043 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.044081926 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.045506001 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.045517921 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.046024084 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.047427893 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.047456026 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:15.047470093 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018150091 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018260002 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018412113 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018678904 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018702030 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018712997 CET49736443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.018717051 CET4434973665.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.268979073 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.269074917 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.269164085 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.269686937 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:16.269716024 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.934585094 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.934719086 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.936259985 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.936281919 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.936625004 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.937973976 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:17.979353905 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.572820902 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.619889021 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.620903969 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.620929003 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.620975018 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.621026993 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.621040106 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.621098995 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.621150017 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.621150017 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.621180058 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.808712006 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.808777094 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.808816910 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.808845997 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.808876038 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.808892965 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.848505974 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.848536015 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.848582983 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.848598957 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.848633051 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.848650932 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.853399992 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.853461027 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858335018 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858395100 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858402967 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858421087 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858478069 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858499050 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858516932 CET4434973765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:18.858530045 CET49737443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.816770077 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.869851112 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924304008 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924318075 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924348116 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924359083 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924391031 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924406052 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924427032 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.924454927 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.927967072 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.928025961 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.939618111 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.939640999 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.939693928 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.939702034 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.939754963 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.950690985 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.950714111 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.950759888 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.950766087 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.950807095 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.960087061 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.960105896 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.960144997 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.960154057 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.960177898 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.960201025 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.970905066 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.970922947 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.970976114 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.970982075 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.971079111 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.981034994 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.981054068 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.981096983 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.981102943 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.981125116 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.981136084 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.991852045 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.991871119 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.991919994 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.991925001 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:38.992085934 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.113378048 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.113400936 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.113485098 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.113500118 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.117039919 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.120989084 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.121011972 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.121088028 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.121102095 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.124440908 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.129542112 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.129566908 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.129642963 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.129651070 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.129684925 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.137814999 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.137833118 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.137999058 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.138005972 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.138048887 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.145226002 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.145245075 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.145304918 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.145312071 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.145412922 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.152380943 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.152416945 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.152443886 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.152450085 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.152477026 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.152488947 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.160315037 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.160337925 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.160368919 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.160375118 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.160398006 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.160419941 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.168756962 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.168776035 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.168824911 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.168832064 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.168998003 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.176050901 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.176069975 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.176124096 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.176131010 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.176206112 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.311172009 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.311203003 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.311243057 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.311255932 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.311285019 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.311300993 CET49745443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:39.319220066 CET4434974565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.064368010 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.064414978 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.064455986 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.064465046 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.064501047 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.064522982 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.083240986 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.083288908 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.083333015 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.083338976 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.083363056 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.083385944 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.199934959 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.199979067 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.200038910 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.200051069 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.200088024 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.200110912 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.215593100 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.215646982 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.215668917 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.215673923 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.215709925 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.215728045 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.231189013 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.231230974 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.231395006 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.231400967 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.231450081 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.244261026 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.244304895 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.244339943 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.244344950 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.244381905 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.244404078 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.248433113 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.248495102 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.262656927 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.262701035 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.262754917 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.262767076 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.262793064 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.275907040 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.275976896 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.275979042 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.276007891 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.276045084 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.323105097 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.378973007 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.379020929 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.379050970 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.379059076 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.379089117 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.379106998 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.390142918 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.390192032 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.390230894 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.390243053 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.390279055 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.390290976 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.402018070 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.402064085 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.402113914 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.402127981 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.402156115 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.402179956 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.413041115 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.413083076 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.413134098 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.413144112 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.413186073 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.422431946 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.422477007 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.422523975 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.422530890 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.422564030 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.422584057 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.434119940 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.434164047 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.434201956 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.434209108 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.434267998 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.443581104 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.443649054 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.443684101 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.443742037 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.452879906 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.452920914 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.452944994 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.452950001 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.452975988 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.452995062 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.569258928 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.569315910 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.569365978 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.569394112 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.569411993 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:45.569441080 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.146409988 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.146436930 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.146486044 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.146492958 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.146526098 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.152681112 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.152723074 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.152741909 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.152748108 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.152780056 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.160322905 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.160341978 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.160375118 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.160379887 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.160420895 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.166929960 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.166965008 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.167138100 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.167143106 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.172869921 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.172899961 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.172933102 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.172939062 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.172960043 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.172983885 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.180010080 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.180028915 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.180067062 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.180077076 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.180094004 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.180114985 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.187227964 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.187251091 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.187288046 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.187292099 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.187323093 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.187331915 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.194971085 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.194994926 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.195033073 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.195039034 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.195064068 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.195086002 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.201350927 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.201370001 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.201421022 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.201426983 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.201463938 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.342433929 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.342480898 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.342510939 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.342564106 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.342572927 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.342612028 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.350028992 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.350052118 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.350085974 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.350090981 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.350121021 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.350140095 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.357518911 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.357541084 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.357580900 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.357584953 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.357609987 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.357633114 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.365240097 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.365258932 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.365299940 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.365304947 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.365329981 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.365353107 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.372049093 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.372070074 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.372107029 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.372112036 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.372313023 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.379012108 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.379030943 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.379070997 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.379076958 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.379101038 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.379118919 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.386662006 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.386682987 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.386719942 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.386724949 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.386750937 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.386770964 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.394166946 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.394186974 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.394292116 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.394298077 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.394335032 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.394347906 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.534945965 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.535001040 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:46.535048962 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.112324953 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.112358093 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.112436056 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.112461090 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.112504959 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.119900942 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.119929075 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.119982004 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.119993925 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.120018005 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.120038986 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.126698971 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.126720905 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.126776934 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.126785040 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.126840115 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.134099007 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.134120941 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.134167910 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.134176016 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.134192944 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.134212971 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.141767979 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.141815901 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.141830921 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.141835928 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.141865969 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.141885996 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.148873091 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.148899078 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.148937941 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.148943901 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.148963928 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.148986101 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.156541109 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.156565905 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.156738043 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.156744957 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.156791925 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.163155079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.163177013 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.163230896 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.163238049 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.163270950 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.163285017 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.305203915 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.305233955 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.305324078 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.305356026 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.305435896 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.311815977 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.311841011 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.311896086 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.311908960 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.311938047 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.311954975 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.319453001 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.319473028 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.319541931 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.319555998 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.319586039 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.319595098 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.327156067 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.327218056 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.327259064 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.327271938 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.327300072 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.327318907 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.333765030 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.333810091 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.333844900 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.333857059 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.333890915 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.333905935 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.341795921 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.341840029 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.341886997 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.341898918 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.341936111 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.341947079 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.348517895 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.348593950 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.348630905 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.348642111 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.348666906 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.348686934 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.356039047 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.356081009 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.356117964 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.356137037 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.356154919 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.356178999 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.496853113 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.496943951 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.496983051 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.497021914 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.497039080 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:47.497059107 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.073976040 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.074054003 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.074079990 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.074122906 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.080641985 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.080667973 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.080729008 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.080739975 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.080780029 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.088251114 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.088272095 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.088336945 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.088346004 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.088392019 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.095729113 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.095753908 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.095858097 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.095876932 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.095937967 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.103425980 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.103457928 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.103526115 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.103535891 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.103575945 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.110546112 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.110569954 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.110647917 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.110656023 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.110697031 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.117113113 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.117135048 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.117178917 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.117189884 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.117223024 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.119920969 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.259567976 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.259591103 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.259721994 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.259747982 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.259814024 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.265965939 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.265985966 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.266097069 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.266105890 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.266149044 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.273575068 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.273596048 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.273644924 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.273654938 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.273689032 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.273699999 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.280235052 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.280255079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.280297995 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.280308962 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.280338049 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.280360937 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.288079977 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.288116932 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.288166046 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.288178921 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.288197994 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.288213015 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.295483112 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.295504093 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.295579910 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.295591116 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.295634985 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.302793980 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.302814960 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.302880049 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.302891970 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.302932024 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.310384989 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.310415030 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.310461044 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.310473919 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.310513020 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.310513020 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.327717066 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.451658010 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.451685905 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.451739073 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.451754093 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.451772928 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.451788902 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.458039045 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.458081007 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.458112955 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.458120108 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.458148003 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.458163977 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.465715885 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.465735912 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.465785027 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.465791941 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.465821981 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:48.465838909 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.044429064 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.044469118 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.044500113 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.044507027 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.044527054 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.044540882 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.052134991 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.052156925 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.052196980 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.052206039 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.052225113 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.052241087 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.058796883 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.058824062 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.058855057 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.058862925 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.058887005 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.058901072 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.066498041 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.066536903 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.066564083 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.066571951 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.066598892 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.066608906 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.073602915 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.073623896 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.073663950 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.073672056 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.073699951 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.073709965 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.081078053 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.081140041 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.081177950 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.081186056 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.081198931 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.081221104 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.222645044 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.222704887 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.222743988 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.222760916 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.222788095 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.222809076 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.228640079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.228681087 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.228717089 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.228724003 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.228756905 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.236291885 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.236336946 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.236362934 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.236371994 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.236401081 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.243047953 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.243089914 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.243108988 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.243130922 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.243168116 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.250619888 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.250662088 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.250695944 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.250704050 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.250721931 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.255889893 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.255943060 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.255948067 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.255960941 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.255995989 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.257066011 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.257128954 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.264708996 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.264751911 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.264786005 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.264794111 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.264807940 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.264832020 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.271997929 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.272056103 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.272094011 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.272109985 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.272121906 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.272150040 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.279488087 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.279532909 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.279572964 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.279580116 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.279603004 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.279632092 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.419677019 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.419727087 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.419775009 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.419790030 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.419826031 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.426429033 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.426470041 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.426513910 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.426522017 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.426542997 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.434068918 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.996974945 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.996998072 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.997036934 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:49.997059107 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.004462004 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.004551888 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.004571915 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.004642010 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.012237072 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.012278080 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.012322903 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.012332916 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.012356997 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.012377024 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.018942118 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.018985033 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.019016027 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.019023895 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.019043922 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.019064903 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.026911974 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.026952982 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.026981115 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.026988029 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.027012110 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.027034044 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.033931017 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.033972979 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.034007072 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.034014940 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.034048080 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.034058094 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.041155100 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.041202068 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.041233063 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.041239977 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.041258097 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.041281939 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.048796892 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.048850060 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.048885107 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.048892975 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.048924923 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.048943043 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.194633961 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.194739103 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.194744110 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.194785118 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.194818020 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.194829941 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.201020956 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.201065063 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.201105118 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.201122046 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.201137066 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.201160908 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.208802938 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.208877087 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.208897114 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.208961964 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.216233969 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.216276884 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.216337919 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.216346025 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.216371059 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.216384888 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.223561049 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.223604918 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.223653078 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.223660946 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.223690033 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.223711967 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.231429100 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.231470108 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.231530905 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.231539965 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.231566906 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.231576920 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.237683058 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.237725973 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.237783909 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.237796068 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.237833023 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.237854958 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.245415926 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.245460987 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.245517969 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.245527983 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.245564938 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.245589972 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.387463093 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.387509108 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.387545109 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.387562037 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.387631893 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.387830973 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.394193888 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.394238949 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.823379993 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.823412895 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.823421955 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.823441982 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.823457956 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.964591026 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.964659929 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.964695930 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.964711905 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.964749098 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.964768887 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.972151995 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.972194910 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.972275019 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.972285032 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.972323895 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.978794098 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.978837013 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.978876114 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.978883982 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.978913069 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.978931904 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.986812115 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.986870050 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.986912966 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.986924887 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.986958027 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.986975908 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.993500948 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.993555069 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.993599892 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.993608952 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.993643999 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:50.993664980 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.001219988 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.001267910 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.001312017 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.001323938 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.001353979 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.001369953 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.008802891 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.008846998 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.008878946 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.008887053 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.008914948 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.008928061 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.014220953 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.014286041 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.014298916 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.014307022 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.014341116 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.155131102 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.155189991 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.155237913 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.155258894 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.155284882 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.155320883 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.162359953 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.162405968 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.162448883 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.162456036 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.162489891 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.162508965 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.169939995 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.169985056 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.170028925 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.170037031 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.170068026 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.170084000 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.176726103 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.176768064 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.176805973 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.176812887 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.176845074 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.176863909 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.184200048 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.184243917 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.184283018 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.184290886 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.184323072 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.184344053 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.191442966 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.191524029 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.191524982 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.191555023 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.191590071 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.191601992 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.198879957 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.198920012 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.198961973 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.198970079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.199003935 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.199018955 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.206543922 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.206584930 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.206628084 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.206635952 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.206672907 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.920706034 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.920747042 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.928189993 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.928205013 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.928272009 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.928282022 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.928324938 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.934839010 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.934854984 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.934931040 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.934941053 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.934984922 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.942583084 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.942599058 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.942672968 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.942682028 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.942722082 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.950068951 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.950083971 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.950126886 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.950135946 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.950164080 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.950176001 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.957206964 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.957221985 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.957273960 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.957282066 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.957308054 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.957319975 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.964821100 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.964835882 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.964998960 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.965008020 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.965050936 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.971756935 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.971771002 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.971837044 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.971853971 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:51.971890926 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.112468958 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.112484932 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.112597942 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.112611055 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.112660885 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.119879961 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.119894981 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.119960070 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.119968891 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.120012999 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.127537012 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.127551079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.127612114 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.127620935 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.127660036 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.135175943 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.135190964 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.135241032 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.135248899 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.135273933 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.135292053 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.141705990 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.141721964 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.141783953 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.141793013 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.141832113 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.149815083 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.149830103 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.149883986 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.149893045 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.149930954 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.156541109 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.156555891 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.156619072 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.156627893 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.156667948 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.164165974 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.164180994 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.164239883 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.164254904 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.164303064 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.305124998 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.305149078 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.305258036 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.305279016 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.305332899 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.312700033 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.312715054 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.312781096 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.312791109 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.312829971 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.319327116 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.319340944 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.319401979 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.319411039 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.319449902 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.327012062 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.327027082 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.327096939 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.914551973 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.914618015 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.921809912 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.921823978 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.921886921 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.921896935 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.929330111 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.929351091 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.929410934 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.929419994 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.936947107 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.936961889 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.937021017 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.937030077 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:52.979260921 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077373028 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077382088 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077459097 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077461004 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077516079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077527046 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077541113 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.077574968 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.084939957 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.084954977 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.085021019 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.085030079 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.085072994 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.092741013 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.092756987 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.092818975 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.092827082 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.092866898 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.099333048 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.099349022 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.099409103 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.099417925 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.099458933 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.107150078 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.107172012 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.107223988 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.107232094 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.107248068 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.107265949 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.114033937 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.114048958 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.114114046 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.114123106 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.114161015 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.121526957 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.121541023 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.121604919 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.121613026 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.121659994 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.129185915 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.129201889 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.129260063 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.129268885 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.129306078 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.269860029 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.269875050 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.269964933 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.269979000 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.270024061 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.272927046 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.273005962 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278323889 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278395891 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278418064 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278419018 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278465986 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278590918 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278611898 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278625965 CET49747443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:05:53.278633118 CET4434974765.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:00.666676998 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:00.666714907 CET4434975565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:00.666853905 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:00.668288946 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:00.668299913 CET4434975565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.197556973 CET49756443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.197592020 CET4434975644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.197689056 CET49756443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.198915005 CET49756443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.198926926 CET4434975644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.333398104 CET4434975565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.333607912 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.384140968 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.384155035 CET4434975565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.385092974 CET4434975565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.387257099 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.387331963 CET49755443192.168.2.465.9.108.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:02.387337923 CET4434975565.9.108.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.135566950 CET4434975644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.135653019 CET49756443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.137285948 CET49756443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.137295008 CET4434975644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.137639046 CET4434975644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.767446995 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.767530918 CET49792443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.769736052 CET49792443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.769741058 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.770589113 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.772288084 CET49792443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.772319078 CET49792443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.772351027 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.782860041 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.782938004 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.848208904 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.848242998 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.848630905 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.848705053 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.851444960 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.851490974 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:12.851537943 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.216639996 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.216800928 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.221270084 CET49792443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.224404097 CET49792443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.224419117 CET4434979234.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.332323074 CET4434978644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.332425117 CET4434978644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.340085030 CET49786443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.363559008 CET49786443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.363578081 CET4434978644.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.430857897 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.430980921 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.431107044 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.432121038 CET49791443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.432145119 CET44349791104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.850811958 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.851145983 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.852957010 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.852965117 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.853701115 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.855237961 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.855276108 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:13.855279922 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.812980890 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.813065052 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.813216925 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.814289093 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.814289093 CET49794443192.168.2.465.9.108.105
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.814311981 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:14.814327002 CET4434979465.9.108.105192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.041013002 CET49845443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.041064024 CET4434984544.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.041122913 CET49845443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.041600943 CET49845443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.041616917 CET4434984544.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.305651903 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.305710077 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.305773020 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.307463884 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.307487965 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.996551037 CET49849443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.996607065 CET44349849104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.996682882 CET49849443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.997693062 CET49849443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.997704983 CET44349849104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.026695967 CET49848443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.026807070 CET44349848104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.026897907 CET49848443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.045420885 CET49848443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.045459986 CET44349848104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.531775951 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.531857014 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.533364058 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.533371925 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.534027100 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.574395895 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.602140903 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.602257967 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.602262974 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.965327024 CET4434984544.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.967250109 CET49845443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.967272043 CET4434984544.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.968436956 CET49845443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.968441963 CET4434984544.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.968466043 CET49845443192.168.2.444.228.210.164
                                                                                                                                                                                                                      Dec 24, 2024 12:06:28.968472958 CET4434984544.228.210.164192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.006767035 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.006942987 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.007209063 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.007885933 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.007894993 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.007905960 CET49846443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.007910013 CET44349846104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.223180056 CET44349849104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.223253012 CET49849443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.224514008 CET49849443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.224519968 CET44349849104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.224845886 CET44349849104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.260807037 CET44349848104.20.86.8192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.260902882 CET49848443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.277532101 CET49849443192.168.2.4104.20.86.8
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.078108072 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.078156948 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.078514099 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.078525066 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.282586098 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.282619953 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.282685041 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.283031940 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.283051014 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.727543116 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.727569103 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.727631092 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.728887081 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.728899956 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.495836020 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.495914936 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.497432947 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.497456074 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.497766972 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.498066902 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.498111963 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.945380926 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.945442915 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.946785927 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.946805000 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.946813107 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.946855068 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.946909904 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.947134972 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.947164059 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.947216034 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.947258949 CET49995443192.168.2.434.117.223.223
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.947276115 CET4434999534.117.223.223192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.948489904 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:18.991362095 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.409398079 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.409445047 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.409455061 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.409488916 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.409528971 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.409535885 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.416856050 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.416937113 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.416944981 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.432380915 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.432410955 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.432445049 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.432528019 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.432528019 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.432535887 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.507255077 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.507265091 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.533262014 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.533313036 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.533319950 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.616611004 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.648720026 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.648766041 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.648905993 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.648912907 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.719841957 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.719913006 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.719923019 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.768277884 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.768323898 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.768585920 CET49996443192.168.2.434.160.176.28
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.768596888 CET4434999634.160.176.28192.168.2.4
                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Dec 24, 2024 12:05:05.339617968 CET5219553192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:05:05.723186016 CET53521951.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.055005074 CET5561753192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:01.193120956 CET53556171.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.736607075 CET5475653192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:03.736854076 CET5835953192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:04.222656965 CET53547561.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:06.200074911 CET6113053192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:06.594558001 CET6484553192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:06.808510065 CET53648451.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:09.566436052 CET6152953192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:09.566524982 CET5515253192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:09.704360962 CET53551521.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:11.391990900 CET5514653192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:11.529755116 CET53551461.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.156011105 CET6296953192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:27.298723936 CET53629691.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.658431053 CET5109953192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:29.804248095 CET5105753192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:30.934294939 CET6087653192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:48.437987089 CET5271353192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:48.538992882 CET5271453192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:48.584142923 CET53527131.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:48.676170111 CET53527141.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:50.448302984 CET5271753192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:52.595933914 CET5271953192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:52.734550953 CET53527191.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:06:55.337280989 CET5272153192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:55.337531090 CET5272153192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:55.713887930 CET5272253192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:06:55.714313984 CET5272253192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:07:15.274409056 CET5272953192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:07:15.413363934 CET53527291.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.142786980 CET5273153192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.282201052 CET53527311.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.550795078 CET5466053192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:07:17.687819004 CET53546601.1.1.1192.168.2.4
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.971493959 CET5466153192.168.2.41.1.1.1
                                                                                                                                                                                                                      Dec 24, 2024 12:07:19.971626043 CET5466153192.168.2.41.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                      • d3ben4sjdmrs9v.cloudfront.net
                                                                                                                                                                                                                      • analytics.avcdn.net
                                                                                                                                                                                                                      • stats.securebrowser.com
                                                                                                                                                                                                                      • update.norton.securebrowser.com
                                                                                                                                                                                                                      • shepherd.avcdn.net
                                                                                                                                                                                                                      • v7event.stats.avast.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49766 | 34.117.223.223 | 80 | 6032 | C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 12:06:04.343735933 CET | 175 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 268
Host: v7event.stats.avast.com
Dec 24, 2024 12:06:04.343735933 CET | 268 | OUT | Data Ascii: cookie=mmm_irs_ppi_902_451_oedition=15event=microstub-startmidex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0stat_session=729de4ae-763f-4df7-a043-5659222e822astatsSendTime=1735038362os=win,10,0,2,19045,0,AMD64exe_ver
Dec 24, 2024 12:06:05.448127031 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 24 Dec 2024 11:06:05 GMT
Via: 1.1 google
Dec 24, 2024 12:06:08.921951056 CET | 175 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 283
Host: v7event.stats.avast.com
Dec 24, 2024 12:06:08.921988964 CET | 283 | OUT | Data Ascii: cookie=mmm_irs_ppi_902_451_oedition=15event=microstub-downloadmidex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0stat_session=729de4ae-763f-4df7-a043-5659222e822astatsSendTime=1735038398os=win,10,0,2,19045,0,AMD64exe_
Dec 24, 2024 12:06:09.260720015 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 24 Dec 2024 11:06:09 GMT
Via: 1.1 google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:07 UTC | 233 | OUT | POST /o HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 128
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:07 UTC | 128 | OUT | Data Ascii: {"prv": "0.1","plv": "2.40.1.8919","l": "en","a": "Zayats","i": "Games4Win","s": "Zayats","u": "N6xC-S2","o": "10.0.19045.2006"}
2024-12-24 11:05:08 UTC | 489 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 16034
Connection: close
Server: awselb/2.0
Date: Tue, 24 Dec 2024 11:05:08 GMT
cache-control: no-cache
x-true-request-id: bd42f604-c4b1-4888-b6bd-e6dd23e969c0
x-robots-tag: none
expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Cache: Miss from cloudfront
Via: 1.1 dceb2203c0e4cc18a811828605c8767a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: 5MqhP5v9RaZ7MgrjD2aw-bYNStmbRp3bkpbATQJrm2iVh0UscR2mAQ==
2024-12-24 11:05:08 UTC | 15895 | IN | Data Ascii: {"v":"0.1","l":"US","i":{"cu":"magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77","ct":"Canvas of Kings","cp":"","ctu":"","cl":"","ch":"gamefabrique","ca":"v5.83","cf":"magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77","cpi":"","cps
2024-12-24 11:05:08 UTC | 139 | IN | Data Ascii: RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:10 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 289
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:10 UTC | 289 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"\",\"18\":\"\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"1\",\"7\":\"2.40.1.8919\
2024-12-24 11:05:11 UTC | 427 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Tue, 24 Dec 2024 11:05:11 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 cc308cac72966d971a24d7b2a41ddf70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: yEBVY5z1OubRE-C1ovSoN9rFch4xoeydaa85Ia4lTb5e3YeAGXkLvA==
2024-12-24 11:05:11 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:15 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 379
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:15 UTC | 379 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"Razer_Cortex\",\"18\":\"ZB_Razer_Cortex_v1\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"
2024-12-24 11:05:16 UTC | 427 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Tue, 24 Dec 2024 11:05:15 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 a70d15c0de6117f8c3e081ecba9408a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: UTYK9VkEWAUfxkIbT2eu1-7DQpeIoTMhe7YmWh-g7O3NunycZyCzxA==
                                                                                                                                                                                                                      2024-12-24 11:05:16 UTC15INData Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
                                                                                                                                                                                                                      Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49737 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:17 UTC | 136 | OUT | GET /f/AVG_AV/images/1509/EN.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:18 UTC | 607 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 53151
Connection: close
Last-Modified: Wed, 01 May 2024 12:21:17 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-cb-modifiedtime: Tue, 30 Apr 2024 07:13:32 GMT
x-amz-version-id: t0aKL0R4FYtf2ry_kAUySb7zudCs2Esv
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 24 Dec 2024 11:05:18 GMT
ETag: "aee8e80b35dcb3cf2a5733ba99231560"
X-Cache: Hit from cloudfront
Via: 1.1 5e51c2cb85f3832b4e4037f8dff6904c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: WtIYJKig3HJ1a7b2dleF3o6bK2aFytK5WqjQt69_eyxGFkjRtZ6gng==
Age: 4717


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:20 UTC | 148 | OUT | GET /f/NORTON_BRW/images/1494/547x280/EN.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:21 UTC | 608 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 47501
Connection: close
Date: Mon, 23 Dec 2024 17:59:19 GMT
Last-Modified: Wed, 03 Apr 2024 08:33:15 GMT
ETag: "1cd4a2b4a992acc9235d9facd510e236"
x-amz-server-side-encryption: AES256
x-amz-meta-cb-modifiedtime: Mon, 01 Apr 2024 07:08:58 GMT
x-amz-version-id: GXWdY.78zRFPXaJLr7zePWokY7HIn4lm
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 1a425d1c4a67bd62cbf8d7a0405627da.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: IP90MI35kw9__n16ZkMJlM9ROMISTMQkuGf48cdKXkpeOIuYRK16Vg==
Age: 61562


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:37 UTC | 142 | OUT | GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:38 UTC | 627 | IN | HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Content-Length: 527389
Connection: close
Last-Modified: Tue, 26 Mar 2024 13:11:30 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-cb-modifiedtime: Tue, 26 Mar 2024 13:10:42 GMT
x-amz-version-id: 7sn0EuMWH3aYiKrbA4lOPgyoNDAU9iIf
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 24 Dec 2024 09:36:05 GMT
ETag: "f68008b70822bd28c82d13a289deb418"
X-Cache: Hit from cloudfront
Via: 1.1 22cca4e72d16c1882ac60c018e6acbbe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: bfa023gTNCOdYsjW6x8_uo7AFmQcrrafHgoQsUovkxOkWQStWt7USw==
Age: 5373


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49746 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:41 UTC | 136 | OUT | GET /f/AVG_AV/files/1319/avg.zip HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:41 UTC | 555 | IN | HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 125405
Connection: close
Last-Modified: Tue, 17 Oct 2023 08:25:24 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 7L8o.GLX1Vn.tHqh_TFMmsecTIZweR8e
Accept-Ranges: bytes
Server: AmazonS3
Date: Tue, 24 Dec 2024 11:05:41 GMT
ETag: "56b0d3e1b154ae65682c167d25ec94a6"
X-Cache: Hit from cloudfront
Via: 1.1 cc308cac72966d971a24d7b2a41ddf70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: 2kflZEzwPCj-X6hx0bHJw8ptpPsHiV1galVoLSKFFA4f6GVHLLgYBQ==
Age: 7929


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49747 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:05:43 UTC | 164 | OUT | GET /f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:05:44 UTC | 629 | IN | HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Content-Length: 5627506
Connection: close
Date: Mon, 23 Dec 2024 17:59:42 GMT
Last-Modified: Thu, 25 Apr 2024 14:45:12 GMT
ETag: "c0eb1d6c28dad5e8c4c84ede4284a15a"
x-amz-server-side-encryption: AES256
x-amz-meta-cb-modifiedtime: Thu, 25 Apr 2024 14:42:48 GMT
x-amz-version-id: JAmPfSbhFAZjvy19_8x1rg5UYa5pZuKT
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 5e51c2cb85f3832b4e4037f8dff6904c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                      X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                                                      X-Amz-Cf-Id: bPjiObEy50t3ldnm2jstQSAvnP7tHik70b4KkJU16e5etULoQbnAlQ==
                                                                                                                                                                                                                      Age: 61563


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49755 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:02 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                      Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                      Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443
                                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                      Content-Length: 369
                                                                                                                                                                                                                      Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:06:02 UTC | 369 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"WebAdvisor\",\"18\":\"ZB_WebAdvisor\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"3
2024-12-24 11:06:03 UTC | 427 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                      Content-Length: 15
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Date: Tue, 24 Dec 2024 11:06:03 GMT
                                                                                                                                                                                                                      Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                      X-Cache: Miss from cloudfront
                                                                                                                                                                                                                      Via: 1.1 bbdef00245eb23edcffbb5c502699edc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                      X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                                                      X-Amz-Cf-Id: 1qia4qkKzBvWUB2UscDvgR0rHlmZAZnhxy4vjasNB9Co-IGv5bIMtg==
2024-12-24 11:06:03 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49756 | 44.228.210.164 | 443 | 3844 | C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:03 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                                                                      User-Agent: SA
                                                                                                                                                                                                                      X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                                                      Content-Length: 311
                                                                                                                                                                                                                      Host: analytics.apis.mcafee.com
2024-12-24 11:06:03 UTC | 311 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{4FFA3B38-A301-4D52-BAFE-EC9414B90D4E}","ea":"Process","ec":"BootStrapInstaller","el":"Started"
2024-12-24 11:06:03 UTC | 95 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 24 Dec 2024 11:06:03 GMT
                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                      Connection: close
2024-12-24 11:06:03 UTC | 17 | IN | Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49762 | 65.9.108.223 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:05 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                      Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                      Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443
                                                                                                                                                                                                                      User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                      Content-Length: 377
                                                                                                                                                                                                                      Host: d3ben4sjdmrs9v.cloudfront.net
                                                                                                                                                                                                                      2024-12-24 11:06:05 UTC377OUTData Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 31 32 32 34 30 36 30 36 30 38 5c 22 2c 5c 22 33 5c 22 3a 5c 22 5a 61 79 61 74 73 5c 22 2c 5c 22 34 5c 22 3a 5c 22 47 61 6d 65 73 34 57 69 6e 5c 22 2c 5c 22 35 5c 22 3a 5c 22 41 56 47 5f 41 56 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 41 56 47 5f 41 56 5f 54 72 75 73 74 50 69 6c 6f 74 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 6e 6f 43 68 47 72 6f 75 70 78 33 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 67 61 6d 65 66 61 62 72 69 71 75 65 5c 22 2c 5c 22 36 5c 22 3a
                                                                                                                                                                                                                      Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_AV\",\"18\":\"ZB_AVG_AV_TrustPilot\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":
                                                                                                                                                                                                                      2024-12-24 11:06:06 UTC427INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                      Content-Length: 15
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Date: Tue, 24 Dec 2024 11:06:05 GMT
                                                                                                                                                                                                                      Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                      X-Cache: Miss from cloudfront
                                                                                                                                                                                                                      Via: 1.1 cc308cac72966d971a24d7b2a41ddf70.cloudfront.net (CloudFront)
                                                                                                                                                                                                                      X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                                                      X-Amz-Cf-Id: xEzoSZoyKx8IlFI4v7TWpZliFmn41QF_N3FypHBdTDtTyRYyF595Rw==
                                                                                                                                                                                                                      2024-12-24 11:06:06 UTC15INData Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d
                                                                                                                                                                                                                      Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49763 | 44.228.210.164 | 443 | 3844 | C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:05 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 311
Host: analytics.apis.mcafee.com
2024-12-24 11:06:05 UTC | 311 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{4FFA3B38-A301-4D52-BAFE-EC9414B90D4E}","ea":"Install","ec":"BootStrapInstaller","el":"Started"
2024-12-24 11:06:06 UTC | 95 | IN | HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 11:06:05 GMT
Content-Length: 17
Connection: close
2024-12-24 11:06:06 UTC | 17 | IN | Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49772 | 65.9.108.105 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:08 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 367
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:06:08 UTC | 367 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_BRW\",\"18\":\"ZB_Norton_BRW\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"3\",
2024-12-24 11:06:09 UTC | 427 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Tue, 24 Dec 2024 11:06:08 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 bbdef00245eb23edcffbb5c502699edc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: oM8A2SBR6AQ4k4EaE_qaRKyTmqfpQGUOKtx8Fa-PYLPibRMBf2rS4g==
2024-12-24 11:06:09 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49783 | 34.117.223.223 | 443 | 2124 | C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:11 UTC | 139 | OUT | POST /v4/receive/json/25 HTTP/1.1
Connection: Keep-Alive
User-Agent: Icarus Http/1.0
Content-Length: 1283
Host: analytics.avcdn.net
2024-12-24 11:06:11 UTC | 1283 | OUT | Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"88b0f428-69b0-4018-85b7-fa4358f07672","time":1735045452115},"setup":{"common":{"operation":"install","session_id":"729de4ae-763f-4df7-a043-5659222e822a","stage":"sfx-start","title":""},"product":{"n
2024-12-24 11:06:11 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:06:11 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-24 11:06:11 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49786 | 44.228.210.164 | 443 | 3844 | C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:12 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 336
Host: analytics.apis.mcafee.com
2024-12-24 11:06:12 UTC | 336 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{4FFA3B38-A301-4D52-BAFE-EC9414B90D4E}","ea":"PaidDistribution=true","ec":"InputParameters","el
2024-12-24 11:06:13 UTC | 95 | IN | HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 11:06:13 GMT
Content-Length: 17
Connection: close
2024-12-24 11:06:13 UTC | 17 | IN | Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49792 | 34.117.223.223 | 443 | 2124 | C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:12 UTC | 139 | OUT | POST /v4/receive/json/25 HTTP/1.1
Connection: Keep-Alive
User-Agent: Icarus Http/1.0
Content-Length: 1314
Host: analytics.avcdn.net
2024-12-24 11:06:12 UTC | 1314 | OUT | Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"d166f94b-f644-41f8-b1a1-a2e051bccd78","time":1735045452352},"setup":{"common":{"operation":"install","session_id":"729de4ae-763f-4df7-a043-5659222e822a","stage":"sfx-preparing","title":""},"product"
2024-12-24 11:06:13 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:06:13 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-24 11:06:13 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49791 | 104.20.86.8 | 443 | 2724 | C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:12 UTC | 323 | OUT | POST /?_=1735038370653&retry_tracking_count=0&last_request_error_code=0&last_request_error_message=&last_request_status=0&last_request_system_error=0&request_proxy=0 HTTP/1.1
Content-Type: application/json
User-Agent: NSIS_Jsisdl (Mozilla)
Host: stats.securebrowser.com
Content-Length: 4107
Cache-Control: no-cache
2024-12-24 11:06:12 UTC | 4107 | OUT | Data Ascii: { "event": "norton.installer.remote", "schema": "23", "arg_s": "1", "arg_make_default": "1", "arg_run_source": "norton_ppi_is", "av_version_avast": "", "av_version_avg": "", "avast_beta": "0", "avast_edition_id": "",
2024-12-24 11:06:13 UTC | 266 | IN | HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 11:06:13 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f701ee74a941906-EWR
2024-12-24 11:06:13 UTC | 770 | IN | Data Ascii: 2fb{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"8a354b02f8ac40ae90d83b5b2650888
2024-12-24 11:06:13 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49794 | 65.9.108.105 | 443 | 6836 | C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:13 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=66c807ad3803012585cdea4992ef6b005dda8cf3863b9f1c5ce9cd6f798ad443
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 319
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-24 11:06:13 UTC | 319 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224060608\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"Canvas of Kings\",\"18\":\"\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\"
2024-12-24 11:06:14 UTC | 427 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Tue, 24 Dec 2024 11:06:14 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 5cb640bbbaa55dec4a9f2ef093c54cf4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: OyiS5f3PjMph2sd_x236cXqgFRT_8yO-99AMa6S1KuTpMTSWt8h9QQ==
2024-12-24 11:06:14 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49846 | 104.20.86.8 | 443 | 1344 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:28 UTC | 389 | OUT | POST /service/update2 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.8.1649.5;winhttp
X-Old-UID: age=-1; cnt=0
X-Goog-Update-Updater: Omaha-1.8.1649.5
X-Goog-Update-Interactivity: bg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 935
Host: update.norton.securebrowser.com
2024-12-24 11:06:28 UTC | 935 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" omahaid="{5837B1A5-B72A-456A-B09F-F680E9AB5E02}" updaterversion="1.8.1649.5" shell_version="1.8.1649.5" ismachine="1" is_omaha64bit="0" is_os64bit="1" sessionid="{CC011AE7-AAE5-
2024-12-24 11:06:28 UTC | 291 | IN | HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 11:06:28 GMT
Content-Type: application/xml
Content-Length: 250
Connection: close
x-powered-by: Express
expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f701f49bd408c54-EWR
2024-12-24 11:06:28 UTC | 250 | IN | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><response protocol="3.0" server="prod"><daystart elapsed_seconds="39988" elapsed_days="6536"></daystart><app appid="{5837B1A5-B72A-456A-B09F-F680E9AB5E02}" status="ok"><event status="ok"></event></app></response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49845 | 44.228.210.164 | 443 | 3844 | C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:28 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 507
Host: analytics.apis.mcafee.com
                                                                                                                                                                                                                      2024-12-24 11:06:28 UTC507OUTData Raw: 7b 22 44 61 74 61 22 3a 7b 22 41 66 66 69 64 22 3a 22 39 31 30 38 38 22 2c 22 43 6f 75 6e 74 72 79 5f 43 6f 64 65 22 3a 22 55 53 22 2c 22 44 69 73 74 72 69 62 75 74 69 6f 6e 5f 53 75 62 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 4c 6f 75 64 6e 65 73 73 22 3a 22 53 69 6c 65 6e 74 22 2c 22 49 6e 73 74 61 6c 6c 5f 53 6f 75 72 63 65 22 3a 22 50 61 69 64 44 69 73 74 72 69 62 75 74 69 6f 6e 22 2c 22 49 72 6f 6e 73 6f 75 72 63 65 5f 50 69 78 65 6c 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a
                                                                                                                                                                                                                      Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
                                                                                                                                                                                                                      2024-12-24 11:06:29 UTC95INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 24 Dec 2024 11:06:29 GMT
                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      2024-12-24 11:06:29 UTC17INData Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 6f 6b 22 7d
                                                                                                                                                                                                                      Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49849 | 104.20.86.8 | 443 | 2908 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:29 UTC | 554 | OUT | POST /service/update2?cup2key=9:753534811&cup2hreq=a7db56b53aa6a23eb6774034a3a4373a05f2923408d3c4a82b9ac8e32b118b14 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Google Update/1.8.1649.5;winhttp;cup-ecdsa
    X-Old-UID: age=-1; cnt=0
    X-Goog-Update-AppId: {3A3642E6-DE46-4F68-9887-AA017EEFE426}
    X-Goog-Update-Updater: Omaha-1.8.1649.5
    X-Goog-Update-Interactivity: fg
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    X-HTTP-Attempts: 1
    Content-Length: 882
    Host: update.norton.securebrowser.com
2024-12-24 11:06:29 UTC | 882 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" omahaid="{5837B1A5-B72A-456A-B09F-F680E9AB5E02}" updaterversion="1.8.1649.5" shell_version="1.8.1649.5" ismachine="1" is_omaha64bit="0" is_os64bit="1" sessionid="{CC011AE7-AAE5-
2024-12-24 11:06:29 UTC | 507 | IN | HTTP/1.1 200 OK
    Date: Tue, 24 Dec 2024 11:06:29 GMT
    Content-Type: application/xml
    Content-Length: 1024
    Connection: close
    x-powered-by: Express
    etag: 304502204087cabcf2769fdd642644f66cf90fdbb554621f8d8dbf9b6507ba0aab09e117022100959d6ea0fbc59eef152ad9ffa9fecb28548b3fe6a8351a0ca7d225f54d9c5a2f:a7db56b53aa6a23eb6774034a3a4373a05f2923408d3c4a82b9ac8e32b118b14
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-cache
    cf-cache-status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8f701f4e0ebf8c1b-EWR
2024-12-24 11:06:29 UTC | 862 | IN | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><response protocol="3.0" server="prod"><daystart elapsed_seconds="39989" elapsed_days="6536"></daystart><app appid="{3A3642E6-DE46-4F68-9887-AA017EEFE426}" status="ok"><updatecheck status="ok"><urls><url codebase="htt
2024-12-24 11:06:29 UTC | 162 | IN | Data Ascii: e"></action><action version="131.0.27652.87" event="postinstall" onsuccess="exitsilentlyonlaunchcmd"></action></actions></manifest></updatecheck></app></response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49848 | 104.20.86.8 | 443 | 2448 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:31 UTC | 453 | OUT | GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B080202C6-0391-4360-89E1-C3B86776D125%7D&osversion=10.0&servicepack= HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Google Update/1.8.1649.5;winhttp
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    X-HTTP-Attempts: 1
    Host: update.norton.securebrowser.com
2024-12-24 11:06:32 UTC | 327 | IN | HTTP/1.1 404 Not Found
    Date: Tue, 24 Dec 2024 11:06:32 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: Express
    content-security-policy: default-src 'none'
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8f701f5e08dc4258-EWR
2024-12-24 11:06:32 UTC | 379 | IN | Data Ascii: 174<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1
2024-12-24 11:06:32 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49863 | 104.20.86.8 | 443 | 2448 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:33 UTC | 479 | OUT | GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B080202C6-0391-4360-89E1-C3B86776D125%7D&osversion=10.0&servicepack= HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Google Update/1.8.1649.5;winhttp
    X-Old-UID: age=-1; cnt=0
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    X-HTTP-Attempts: 1
    Host: update.norton.securebrowser.com
2024-12-24 11:06:34 UTC | 327 | IN | HTTP/1.1 404 Not Found
    Date: Tue, 24 Dec 2024 11:06:34 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: Express
    content-security-policy: default-src 'none'
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8f701f6b1d60c329-EWR
2024-12-24 11:06:34 UTC | 379 | IN | Data Ascii: 174<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1
2024-12-24 11:06:34 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49907 | 34.117.223.223 | 443 | 2124 | C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:48 UTC | 139 | OUT | POST /v4/receive/json/25 HTTP/1.1
Connection: Keep-Alive
User-Agent: Icarus Http/1.0
Content-Length: 1365
Host: analytics.avcdn.net
2024-12-24 11:06:48 UTC | 1365 | OUT | Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"f3d03273-3f68-4029-b64c-b1c227f16276","time":1735045909233},"setup":{"common":{"operation":"install","session_id":"729de4ae-763f-4df7-a043-5659222e822a","stage":"sfx-running-icarus","title":"AVG Ant
2024-12-24 11:06:49 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:06:49 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-24 11:06:49 UTC | 19 | IN | Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49910 | 34.117.223.223 | 443 | 7032 | C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:49 UTC | 243 | OUT | POST /v4/receive/json/25 HTTP/1.1
Host: analytics.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Content-Length: 2077
2024-12-24 11:06:49 UTC | 2077 | OUT | Data Ascii: {"record":[{"event" : {"request_id" : "671d8f77-abf0-45fd-ba33-1c7502e747d0","subtype" : 1,"time" : 1735045491386,"type" : 25},"identity" : {"endpoint_id" : "278ee636-aaa8-45e3-8180-a9d5d8eb04d8","fingerprint" : "CF3B81747F8F3A
2024-12-24 11:06:50 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:06:50 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-24 11:06:50 UTC | 19 | IN | Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49912 | 34.160.176.28 | 443 | 7032 | C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:49 UTC | 426 | OUT | GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_edi=15&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av&p_ram=8191&p_vbd=9725&p_vep=24&p_ves=12&p_vre=2390&repoid=release& HTTP/1.1
Host: shepherd.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
2024-12-24 11:06:50 UTC | 586 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:06:50 GMT
Content-Type: text/plain
Content-Length: 760
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 41
Config-Name: Icarus_ipm-messaging-in-22.11-and-higher_avg-av-release_avg-av-51d1a2ee7e934c7dc261eada94f8347942f7e8f283e725085eaec7cd8292a2b5
Config-Version: 624
Segments: ipm messaging in 22.11 and higher,avg-av release,avg-av
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-12-24 11:06:50 UTC | 760 | IN | Data Ascii: [ui.offer.actions]url=https://ipm.avcdn.net/[ui.offer.welcome]loadtimer=10000url=https://ipm.avcdn.net/[reporting]disable_checkforupdates=1report_action_ids=RID_001,RID_002[common]after_run=1config-def-url=https://shepherd.avcdn.net/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49923 | 34.160.176.28 | 443 | 7032 | C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:06:53 UTC | 421 | OUT | GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av-vps&p_ram=8191&p_vbd=2402&p_vep=24&p_ves=12&p_vre=8785&repoid=release& HTTP/1.1
Host: shepherd.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
2024-12-24 11:06:54 UTC | 542 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:06:54 GMT
Content-Type: text/plain
Content-Length: 579
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 41
Config-Name: Icarus_ipm-messaging-in-22.11-and-higher-6f6731d3927a902e5458089ae4bf8e173bcfc4c29bdbb4e72f209f56c9856d53
Config-Version: 624
Segments: ipm messaging in 22.11 and higher
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-12-24 11:06:54 UTC | 579 | IN | Data Ascii: [ui.offer.actions]url=https://ipm.avcdn.net/[ui.offer.welcome]loadtimer=10000url=https://ipm.avcdn.net/[reporting]disable_checkforupdates=1report_action_ids=RID_001,RID_002[common]after_run=1config-def-url=https://shepherd.avcdn.net/


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                      27192.168.2.44998934.117.223.223443
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      2024-12-24 11:07:16 UTC243OUTPOST /v4/receive/json/25 HTTP/1.1
                                                                                                                                                                                                                      Host: analytics.avcdn.net
                                                                                                                                                                                                                      User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                      Accept-Encoding: deflate, gzip
                                                                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                                                                      Content-Length: 3296
2024-12-24 11:07:16 UTC | 3296 | OUT | Data Ascii: {"record":[{"event" : {"request_id" : "552cb234-1532-47f3-a651-f2f55424c40d","subtype" : 1,"time" : 1735038434440,"type" : 25},"identity" : {"endpoint_id" : "278ee636-aaa8-45e3-8180-a9d5d8eb04d8","fingerprint" : "CF3B81747F8F3A
2024-12-24 11:07:17 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:07:16 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-24 11:07:17 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID: 28 | Source IP: 192.168.2.4 | Source Port: 49995 | Destination IP: 34.117.223.223 | Destination Port: 443

Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:07:18 UTC | 243 | OUT | POST /v4/receive/json/25 HTTP/1.1
Host: analytics.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Content-Length: 3892
2024-12-24 11:07:18 UTC | 3892 | OUT | Data Ascii: {"record":[{"event" : {"request_id" : "d7ebc8a2-bcf8-4d8b-9490-29c3de0c1899","subtype" : 1,"time" : 1735038436315,"type" : 25},"identity" : {"endpoint_id" : "278ee636-aaa8-45e3-8180-a9d5d8eb04d8","fingerprint" : "CF3B81747F8F3A
2024-12-24 11:07:18 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:07:18 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-24 11:07:18 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID: 29 | Source IP: 192.168.2.4 | Source Port: 49996 | Destination IP: 34.160.176.28 | Destination Port: 443

Timestamp | Bytes transferred | Direction | Data
2024-12-24 11:07:18 UTC | 168 | OUT | POST / HTTP/1.1
Host: shepherd.avcdn.net
User-Agent: Avast Antivirus
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 272
2024-12-24 11:07:18 UTC | 272 | OUT | Data Ascii: ?p_bld=mmm_irs_ppi_902_451_o&p_chr=0&p_chs=5&p_cpua=x64&p_gccc=0&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFCEA62DE7E764D162133E6CAEDE356FD0&p_ost=0&p_osv=10.0&p_pro=70&p_prod=avg-av&p_ram=8191&p_sbi=0&p_vbd=9725&p_vep=24&p_ves=12&p_vre=239
2024-12-24 11:07:19 UTC | 2316 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 11:07:19 GMT
Content-Type: text/plain
Content-Length: 22038
AB-Tests: 921ba9e1-e8ab-4473-8916-6d120da28b76:A,AV-32666-v2-fake:a,Indruch_SS_4Thursdays_fake:a,av-32836-v0-fake:a,av-39646-v0-fake:a
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 9
Config-Name: AVG-Windows-AV-Consumer_websocket-testing_email-signatures_opswatenabled_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_avg-free_ppi_21.10-and-newer_useipwl_release_ipm_4932_opm_pus_fullscale_previous-version_version-18.6-and-higher_windows-8-and-higher_avg-free-and-release_production_sontiq_quic-on_quic-read-mode-release_emailscanner-ignored-processes_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_streaming-updates-globalflags_devicewatcheron_version-20.9-and-higher_pups-in-avg---rollout_winre-bts_avg-forrelease-and-beta-24.4_smartscan-free-win10-antivirus_aosstorelink_enableddwm_enablehns3_avg-forrelease-and-beta-24.12-blatnyonly_fs-and-idp-integration_cef-91_cefsettings-on_ispublicrelease_opm_burger_tracking_limitation_productversion-higher-23.2-and-country-not-in-fr-de_usa_multidetection_ipm_6515_6516_vps_sites_test_b-49a0074f6b9e8c59f52655769a8073cb24ad4d9c17bd3605710a40ea3409dd6e
Config-Version: 2189
Segments: websocket testing,email signatures,opswatenabled,asb and chrome since 21.2,version 23.2 and higher not in fr de,avg free,ppi,21.10 and newer,useipwl_release,ipm_4932_opm_pus_fullscale,previous version,version 18.6 and higher,windows 8 and higher,avg free and release,production,sontiq,quic on,quic read mode release,emailscanner ignored processes,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,streaming updates globalflags,devicewatcheron,version 20.9 and higher,pups in avg - rollout,winre bts,avg forrelease and beta 24.4,smartscan free win10 antivirus,aosstorelink,enableddwm,enablehns3,avg forrelease and beta 24.12 blatnyonly,fs and idp integration,cef 91,cefsettings on,ispublicrelease,opm_burger_tracking_limitation,productversion higher 23.2 and country not in fr de,usa,multidetection,ipm_6515_6516_vps_sites_test_b
TTL: 60
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-12-24 11:07:19 UTC | 1390 | IN | Data Ascii: [RemoteAccessShield.Setting]BruteForceMaxAttemptsPerDay=60BruteForceMaxAttemptsPerHour=40BruteForceMaxAttemptsPerMinute=30BruteForceMaxAttemptsPerTenSeconds=12[WebShield.WebSocket]Enabled=1[Settings.UserInterface]ShellExtensionFileName=0
2024-12-24 11:07:19 UTC | 1390 | IN | Data Ascii: WVzc2FnaW5nIjpbXX19DisableIpmElements=318,196[DWM]server=https://identityprotection.avg.com[Extensions]FFAOS=wrc@avast.comFFASG=avg@safeguardFFASP=886A6486-37B3-4BCD-891B-FD0E325E7b1AFFAST=avg@securityFFPAM=jid1-r1tDuNiNb4SEww@jetpackF
2024-12-24 11:07:19 UTC | 1316 | IN | Data Ascii: asurePerformance_Enabled=0GameRule_NoAvastInterruptions_Enabled=1GameRule_PauseAllUpdateTasks_Enabled=1GameRule_PauseAvBackgroundTasks_Enabled=1GameRule_PauseSystemBackgroundTasks_Enabled=1GameRule_PauseWindowsUpdate_Enabled=0GameRule_SetCpuLi
2024-12-24 11:07:19 UTC | 1390 | IN | Data Ascii: _UNTIL=2031-04-13 23:59:59NETCLASS_MAX_ENTRY_AGE_SECONDS=7776000NEXT_NCC_CERT_0_SHA1=5496FC21E45F52BBC6DFFD6C3E5B03D9FB2D2CB1NEXT_NCC_CERT_0_VALID_FROM=2024-01-18 00:00:00NEXT_NCC_CERT_0_VALID_UNTIL=2025-01-17 23:59:59NEXT_NCC_CERT_1_SHA1=1C58A3
2024-12-24 11:07:19 UTC | 1390 | IN | Data Ascii: v_expirationdate,aav_installdate,aav_licstate,aav_producttype,aav_sid,aav_ver,code,p_afr,p_apu,p_asd,p_asr,p_aff,p_amsguid,p_afps,p_atacage,p_atbn,p_atui,p_avst,p_avuts,p_toa,p_abm,p_afi,p_atm,p_aae,p_avgup,p_avrst,p_runv,p_bsacage,p_bslic,p_bslm,p_bssn,b
2024-12-24 11:07:19 UTC | 1316 | IN | Data Ascii: ctn,p_palt,p_pct,p_pvsw,p_cpv,pfid,p_prs,p_prv,q_process,q_reinstall,q_uninstall,q_usagelenght,p_qcm,refresh,u,p_gid,rcid,p_szbpid,p_szvf,p_szvt,p_fsmt,p_fsb,p_msb,p_swb,p_dpi,p_reh,p_rew,sapikey,p_slacage,p_slccs,p_slcct,p_sldtt,p_sls,p_slct,p_slctt,p_sl
2024-12-24 11:07:19 UTC | 1390 | IN | Data Ascii: t.exe,V3P3AT.EXE,ypager.exe,utorrent.exe,wcescomm.exe,tor.exe,googledesktop.,livecomm.exe,WWAHost.exe,afwserv.exe,AvastEmUpdate.,core.exe,avgemc.exe,msnmsgr.exe,AcroRd32.exe,Acrobat.exe,QvodTerminal.e,BackupService.,VirtualBox.exe,vmnat.exeMaxConnection
2024-12-24 11:07:19 UTC | 1390 | IN | Data Ascii: wnCharTimeOut=1728000fileprotection_defaultextensions=rswcat_archive;7z;rar;zip;rswcat_music;m3u;m4a;mp3;wma;ogg;wav;rswcat_database;sqlite;sqlite3;rswcat_disc;iso;img;nrg;tc;odb;rswcat_document;doc;docx;odt;rtf;wpd;wps;csv;key;pdf;pps;ppt;pptm;pptx;ps;
2024-12-24 11:07:19 UTC | 292 | IN | Data Ascii: meScan]AllowWinRE=0[LIS]asb_params=["-s --run-source=avg_ui"]asb_url=https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exeatrk_params=["/S","/silent"]atrk_url=https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_se



                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                      Start time:06:04:59
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      File size:14'472'984 bytes
                                                                                                                                                                                                                      MD5 hash:AF45BC08A07F1BA16ABE59F29072EBCC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                      Start time:06:04:59
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-8UDBG.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$20416,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      File size:3'025'328 bytes
                                                                                                                                                                                                                      MD5 hash:49312C19FA9B298CA2AE71E14F07CCF3
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_QueryWinSATClassID, Description: Yara detected QueryWinSAT ClassID, Source: 00000001.00000003.2233964889.0000000000734000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_QueryWinSATClassID, Description: Yara detected QueryWinSAT ClassID, Source: 00000001.00000003.2233909651.0000000000734000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                      Start time:06:05:59
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                                                                                                                                                                                                      Imagebase:0x60000
                                                                                                                                                                                                                      File size:1'184'128 bytes
                                                                                                                                                                                                                      MD5 hash:143255618462A577DE27286A272584E1
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                      Start time:06:06:02
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ
                                                                                                                                                                                                                      Imagebase:0x470000
                                                                                                                                                                                                                      File size:234'936 bytes
                                                                                                                                                                                                                      MD5 hash:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                      Start time:06:06:05
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      File size:5'727'368 bytes
                                                                                                                                                                                                                      MD5 hash:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                      Start time:06:06:08
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Windows\Temp\asw.d8c2b19fc2277941\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:729de4ae-763f-4df7-a043-5659222e822a /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941
                                                                                                                                                                                                                      Imagebase:0x7a0000
                                                                                                                                                                                                                      File size:1'691'384 bytes
                                                                                                                                                                                                                      MD5 hash:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                      Start time:06:06:10
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
                                                                                                                                                                                                                      Imagebase:0x1560000
                                                                                                                                                                                                                      File size:82'432 bytes
                                                                                                                                                                                                                      MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                      Start time:06:06:10
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                      Start time:06:06:11
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77
                                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                                      File size:23'891'968 bytes
                                                                                                                                                                                                                      MD5 hash:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                      Start time:06:06:11
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                      Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                      Start time:06:06:13
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\nsdA8C9.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                                                      Imagebase:0x80000
                                                                                                                                                                                                                      File size:1'910'576 bytes
                                                                                                                                                                                                                      MD5 hash:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                      Start time:06:06:16
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\GUMC557.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                                                      Imagebase:0xb80000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                      Start time:06:06:17
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                      Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                      Start time:06:06:17
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6836 -ip 6836
                                                                                                                                                                                                                      Imagebase:0x4b0000
                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                      Start time:06:06:18
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516
                                                                                                                                                                                                                      Imagebase:0x4b0000
                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:18
                                                                                                                                                                                                                      Start time:06:06:20
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:20
                                                                                                                                                                                                                      Start time:06:06:21
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                      Start time:06:06:21
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7d5610000
                                                                                                                                                                                                                      File size:438'592 bytes
                                                                                                                                                                                                                      MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                      Start time:06:06:21
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7d5610000
                                                                                                                                                                                                                      File size:438'592 bytes
                                                                                                                                                                                                                      MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:23
                                                                                                                                                                                                                      Start time:06:06:21
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7d5610000
                                                                                                                                                                                                                      File size:438'592 bytes
                                                                                                                                                                                                                      MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:24
                                                                                                                                                                                                                      Start time:06:06:22
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:25
                                                                                                                                                                                                                      Start time:06:06:22
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:26
                                                                                                                                                                                                                      Start time:06:06:22
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:27
                                                                                                                                                                                                                      Start time:06:06:23
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
                                                                                                                                                                                                                      Imagebase:0x610000
                                                                                                                                                                                                                      File size:383'232 bytes
                                                                                                                                                                                                                      MD5 hash:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                      Start time:06:06:23
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:29
                                                                                                                                                                                                                      Start time:06:06:23
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6a4c10000
                                                                                                                                                                                                                      File size:404'480 bytes
                                                                                                                                                                                                                      MD5 hash:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:30
                                                                                                                                                                                                                      Start time:06:06:24
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                      Imagebase:0x7ff65a0f0000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:31
                                                                                                                                                                                                                      Start time:06:06:25
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping 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
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:32
                                                                                                                                                                                                                      Start time:06:06:25
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{CC011AE7-AAE5-4543-84DB-E4D48135833D}" /silent
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:33
                                                                                                                                                                                                                      Start time:06:06:26
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:34
                                                                                                                                                                                                                      Start time:06:06:26
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
                                                                                                                                                                                                                      Imagebase:0xfc0000
                                                                                                                                                                                                                      File size:440'608 bytes
                                                                                                                                                                                                                      MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:35
                                                                                                                                                                                                                      Start time:06:06:39
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6836 -ip 6836
                                                                                                                                                                                                                      Imagebase:0x4b0000
                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:36
                                                                                                                                                                                                                      Start time:06:06:39
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 2516
                                                                                                                                                                                                                      Imagebase:0x4b0000
                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:37
                                                                                                                                                                                                                      Start time:06:06:46
                                                                                                                                                                                                                      Start date:24/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d762e71a-c8aa-44ab-966e-2c9540294724\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D8YdixE5HhZyLyta7SFjWzBoCRk5knOtfwaHxtSx8W5YVAbWE4FqjuMlqeXqa53IPQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.d8c2b19fc2277941 /track-guid:729de4ae-763f-4df7-a043-5659222e822a
                                                                                                                                                                                                                      Imagebase:0x7ff617b70000
                                                                                                                                                                                                                      File size:8'425'288 bytes
                                                                                                                                                                                                                      MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false


                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:6.6%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:11%
                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                        Total number of Limit Nodes:34
84361->84390 84364 e8713 moneypunct 27 API calls 84363->84364 84366 735cb 84364->84366 84365 735d2 84365->84279 84366->84365 84394 ed62c IsProcessorFeaturePresent 84366->84394 84368 ed62b 84371 ed61e 84370->84371 84372 ed62c std::_Locinfo::_W_Getmonths 11 API calls 84371->84372 84373 ed62b 84372->84373 84375 9dc90 84374->84375 84379 9dcc5 84374->84379 84380 e8760 84375->84380 84377 9dc9c 84378 e8713 moneypunct 27 API calls 84377->84378 84378->84379 84379->84354 84381 e8713 moneypunct 27 API calls 84380->84381 84382 e8795 84381->84382 84382->84377 84389 102174 __cftoe 84383->84389 84384 1021b2 84385 ed73d __Wcrtomb 14 API calls 84384->84385 84387 1021b0 84385->84387 84386 10219d RtlAllocateHeap 84386->84387 84386->84389 84387->84356 84389->84384 84389->84386 84398 ff60f EnterCriticalSection LeaveCriticalSection moneypunct 84389->84398 84391 ea34c 84390->84391 84392 ea379 RaiseException 84390->84392 84391->84392 84392->84361 84393->84356 84395 ed638 84394->84395 84399 ed453 84395->84399 84398->84389 84400 ed46f __cftof __FrameHandler3::FrameUnwindToState 84399->84400 84401 ed49b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 84400->84401 84402 ed56c __FrameHandler3::FrameUnwindToState 84401->84402 84403 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84402->84403 84404 ed58a GetCurrentProcess TerminateProcess 84403->84404 84404->84368 84436 7e310 ConvertStringSecurityDescriptorToSecurityDescriptorW 84405->84436 84408 e8760 27 API calls 84411 79cc1 84408->84411 84409 7a048 error_info_injector 84410 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84409->84410 84412 79c11 InitOnceComplete 84410->84412 84414 9d900 27 API calls 84411->84414 84434 79e24 __Strxfrm 84411->84434 84412->84297 84412->84299 84413 7a072 84415 ed60f 11 API calls 84413->84415 
84419 79cec 84414->84419 84416 7a077 84415->84416 84417 e8713 moneypunct 27 API calls 84420 79eec error_info_injector 84417->84420 84418 9d900 27 API calls 84422 79f7e 84418->84422 84421 9d900 27 API calls 84419->84421 84420->84413 84420->84418 84423 79d4c 84421->84423 84422->84409 84422->84413 84457 d3b8a 84423->84457 84427 79def 84428 7a06d Concurrency::cancel_current_task 84427->84428 84429 79e74 84427->84429 84430 79e9b 84427->84430 84427->84434 84428->84413 84429->84428 84431 79e7f 84429->84431 84433 e8713 moneypunct 27 API calls 84430->84433 84430->84434 84432 e8713 moneypunct 27 API calls 84431->84432 84432->84434 84433->84434 84434->84413 84434->84417 84437 7e376 error_info_injector 84436->84437 84438 7e37d 84436->84438 84440 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84437->84440 84481 7deb0 84438->84481 84442 79ca2 84440->84442 84441 7e3d9 84443 7e3dd 84441->84443 84444 7e3e8 __cftof 84441->84444 84442->84408 84442->84422 84443->84437 84447 7e62e 84443->84447 84445 7e425 GetModuleFileNameW 84444->84445 84446 7e443 84445->84446 84453 7e54f error_info_injector 84445->84453 84533 7daa0 29 API calls 4 library calls 84446->84533 84450 ed60f 11 API calls 84447->84450 84449 7e454 84449->84453 84534 7dc20 84449->84534 84451 7e633 84450->84451 84453->84443 84453->84447 84454 7e629 84456 ed60f 11 API calls 84454->84456 84455 7e49d error_info_injector 84455->84453 84455->84454 84456->84447 84643 d38db 84457->84643 84459 79dd9 84460 81130 84459->84460 84649 83d80 84460->84649 84464 81183 84465 813d8 84464->84465 84466 8119d 84464->84466 84681 734d0 21 API calls collate 84465->84681 84673 740e8 84466->84673 84469 ed60f 11 API calls 84471 813e2 84469->84471 84470 811bc 84677 83640 28 API calls __Strxfrm 84470->84677 84473 811cc 84678 83590 28 API calls __Strxfrm 84473->84678 84475 811df 84679 7f310 28 API calls 3 library calls 84475->84679 84477 811f5 84680 83590 28 
API calls __Strxfrm 84477->84680 84479 81208 error_info_injector 84479->84469 84480 813b9 error_info_injector 84479->84480 84480->84427 84605 ea920 84481->84605 84484 7df16 84487 7dc20 93 API calls 84484->84487 84485 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84486 7e2ee 84485->84486 84486->84441 84488 7df5d error_info_injector 84487->84488 84489 7e2f2 84488->84489 84491 7e00f error_info_injector 84488->84491 84490 ed60f 11 API calls 84489->84490 84492 7e2f7 84490->84492 84607 7f520 84491->84607 84494 ed60f 11 API calls 84492->84494 84497 7e2fc 84494->84497 84495 7e084 84622 7e640 84495->84622 84499 ed60f 11 API calls 84497->84499 84500 7e301 84499->84500 84501 ed60f 11 API calls 84500->84501 84502 7e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 84501->84502 84505 7e37d 84502->84505 84515 7e376 error_info_injector 84502->84515 84503 7e0e8 error_info_injector 84503->84503 84507 7dc20 93 API calls 84503->84507 84528 7e2bd error_info_injector 84503->84528 84506 7deb0 93 API calls 84505->84506 84509 7e3d9 84506->84509 84514 7e143 error_info_injector 84507->84514 84508 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84510 7e625 84508->84510 84511 7e3e8 __cftof 84509->84511 84516 7e3dd 84509->84516 84510->84441 84512 7e425 GetModuleFileNameW 84511->84512 84513 7e443 84512->84513 84529 7e54f error_info_injector 84512->84529 84637 7daa0 29 API calls 4 library calls 84513->84637 84514->84497 84517 7e1f5 error_info_injector 84514->84517 84515->84508 84516->84515 84518 7e62e 84516->84518 84521 7f520 28 API calls 84517->84521 84522 ed60f 11 API calls 84518->84522 84520 7e454 84525 7dc20 93 API calls 84520->84525 84520->84529 84523 7e264 84521->84523 84524 7e633 84522->84524 84526 7e640 87 API calls 84523->84526 84531 7e49d error_info_injector 84525->84531 84527 
7e27d 84526->84527 84527->84500 84527->84528 84528->84485 84529->84516 84529->84518 84530 7e629 84532 ed60f 11 API calls 84530->84532 84531->84529 84531->84530 84532->84518 84533->84449 84535 7dc55 84534->84535 84536 7dc83 84534->84536 84537 7f520 28 API calls 84535->84537 84538 7dd83 84536->84538 84539 7dcaa 84536->84539 84540 7dc71 84537->84540 84542 7f520 28 API calls 84538->84542 84541 7f520 28 API calls 84539->84541 84540->84455 84543 7dcb9 84541->84543 84544 7dd92 84542->84544 84546 7f520 28 API calls 84543->84546 84545 7f520 28 API calls 84544->84545 84547 7ddc0 84545->84547 84548 7dce7 84546->84548 84641 7f310 28 API calls 3 library calls 84547->84641 84640 7f310 28 API calls 3 library calls 84548->84640 84551 7dd67 error_info_injector 84551->84455 84552 ed60f 11 API calls 84553 7dea8 __cftof 84552->84553 84555 7def8 SHGetSpecialFolderPathW 84553->84555 84554 7dcfd error_info_injector 84554->84551 84554->84552 84556 7df16 84555->84556 84600 7e2bd error_info_injector 84555->84600 84559 7dc20 93 API calls 84556->84559 84557 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84558 7e2ee 84557->84558 84558->84455 84560 7df5d error_info_injector 84559->84560 84561 7e2f2 84560->84561 84563 7e00f error_info_injector 84560->84563 84562 ed60f 11 API calls 84561->84562 84564 7e2f7 84562->84564 84565 7f520 28 API calls 84563->84565 84566 ed60f 11 API calls 84564->84566 84567 7e084 84565->84567 84569 7e2fc 84566->84569 84568 7e640 87 API calls 84567->84568 84570 7e09d 84568->84570 84571 ed60f 11 API calls 84569->84571 84570->84564 84575 7e0e8 error_info_injector 84570->84575 84572 7e301 84571->84572 84573 ed60f 11 API calls 84572->84573 84574 7e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 84573->84574 84577 7e37d 84574->84577 84587 7e376 error_info_injector 84574->84587 84575->84575 84579 7dc20 93 API calls 84575->84579 84575->84600 84578 7deb0 93 API calls 
84577->84578 84581 7e3d9 84578->84581 84586 7e143 error_info_injector 84579->84586 84580 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84582 7e625 84580->84582 84583 7e3e8 __cftof 84581->84583 84588 7e3dd 84581->84588 84582->84455 84584 7e425 GetModuleFileNameW 84583->84584 84585 7e443 84584->84585 84601 7e54f error_info_injector 84584->84601 84642 7daa0 29 API calls 4 library calls 84585->84642 84586->84569 84589 7e1f5 error_info_injector 84586->84589 84587->84580 84588->84587 84590 7e62e 84588->84590 84593 7f520 28 API calls 84589->84593 84594 ed60f 11 API calls 84590->84594 84592 7e454 84597 7dc20 93 API calls 84592->84597 84592->84601 84595 7e264 84593->84595 84596 7e633 84594->84596 84598 7e640 87 API calls 84595->84598 84603 7e49d error_info_injector 84597->84603 84599 7e27d 84598->84599 84599->84572 84599->84600 84600->84557 84601->84588 84601->84590 84602 7e629 84604 ed60f 11 API calls 84602->84604 84603->84601 84603->84602 84604->84590 84606 7def8 SHGetSpecialFolderPathW 84605->84606 84606->84484 84606->84528 84610 7f541 __Strxfrm 84607->84610 84611 7f571 84607->84611 84608 7f677 84638 734d0 21 API calls collate 84608->84638 84610->84495 84611->84608 84612 7f672 Concurrency::cancel_current_task 84611->84612 84614 7f5d3 84611->84614 84615 7f5fa 84611->84615 84612->84608 84613 ed60f 11 API calls 84616 7f681 84613->84616 84614->84612 84617 7f5de 84614->84617 84619 e8713 moneypunct 27 API calls 84615->84619 84620 7f5e4 __Strxfrm 84615->84620 84618 e8713 moneypunct 27 API calls 84617->84618 84618->84620 84619->84620 84620->84613 84621 7f658 error_info_injector 84620->84621 84621->84495 84623 7e680 GetFileAttributesW 84622->84623 84624 7e67e 84622->84624 84628 7e690 84623->84628 84633 7e724 error_info_injector 84623->84633 84624->84623 84625 7e736 CreateDirectoryW 84626 7e742 GetLastError 84625->84626 84627 7e09d 84625->84627 84626->84627 84627->84492 
84627->84503 84628->84628 84629 7f520 28 API calls 84628->84629 84628->84633 84630 7e6ec 84629->84630 84639 7d6d0 83 API calls 84630->84639 84632 7e6f8 84632->84633 84634 7e77d 84632->84634 84633->84625 84635 ed60f 11 API calls 84634->84635 84636 7e782 84635->84636 84637->84520 84639->84632 84640->84554 84641->84554 84642->84592 84644 d38e8 84643->84644 84645 d38a6 InitializeCriticalSectionEx 84644->84645 84646 d38c4 InitializeSRWLock 84644->84646 84645->84459 84646->84459 84682 ea3a0 84649->84682 84652 83e0b OutputDebugStringW 84663 83e57 error_info_injector __Strxfrm 84652->84663 84653 83e15 84653->84652 84656 83e3e 84653->84656 84655 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84657 81172 84655->84657 84658 83e4a 84656->84658 84659 83f81 OutputDebugStringW 84656->84659 84672 83fd0 70 API calls 2 library calls 84657->84672 84660 83fc0 84658->84660 84658->84663 84665 83e90 84658->84665 84659->84663 84684 734d0 21 API calls collate 84660->84684 84662 83fc5 84666 ed60f 11 API calls 84662->84666 84663->84655 84664 83fca Concurrency::cancel_current_task 84665->84664 84667 83f0e 84665->84667 84668 83ee7 84665->84668 84666->84664 84670 e8713 moneypunct 27 API calls 84667->84670 84671 83ef8 __Strxfrm 84667->84671 84668->84664 84669 e8713 moneypunct 27 API calls 84668->84669 84669->84671 84670->84671 84671->84662 84671->84663 84672->84464 84674 74122 84673->84674 84676 74147 __Strxfrm 84673->84676 84685 733c3 28 API calls collate 84674->84685 84676->84470 84677->84473 84678->84475 84679->84477 84680->84479 84683 83de7 WTSGetActiveConsoleSessionId 84682->84683 84683->84652 84683->84653 84685->84676 84686->84315 84687->84317 84688->84319 84689->84310 84691 780f9 84690->84691 84705 78185 error_info_injector 84690->84705 84709 77f60 84691->84709 84695 78109 84725 781d0 28 API calls 5 library calls 84695->84725 84697 78119 84726 789b0 84697->84726 84699 78130 84700 74300 5 
API calls 84699->84700 84701 7813e 84700->84701 84737 78730 75 API calls 2 library calls 84701->84737 84703 7814b 84704 74300 5 API calls 84703->84704 84706 78156 84704->84706 84705->84323 84706->84705 84707 ed60f 11 API calls 84706->84707 84708 781c5 84707->84708 84710 77faa 84709->84710 84720 78076 84709->84720 84738 d3cd6 84710->84738 84712 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84713 7809e 84712->84713 84721 74300 84713->84721 84714 77faf std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 84714->84714 84741 79620 76 API calls 2 library calls 84714->84741 84716 78036 84742 78530 75 API calls 2 library calls 84716->84742 84718 7806b 84719 74300 5 API calls 84718->84719 84719->84720 84720->84712 84723 7430c __EH_prolog3_catch 84721->84723 84748 72c9c 84723->84748 84724 7436d moneypunct 84724->84695 84725->84697 84727 789ff 84726->84727 84728 72c9c 5 API calls 84727->84728 84733 78a1b 84728->84733 84729 78bce 84729->84699 84731 78c51 84732 ea332 CallUnexpected RaiseException 84731->84732 84734 78c5f 84732->84734 84733->84729 84753 728d1 27 API calls 3 library calls 84733->84753 84754 ee960 84734->84754 84736 78c71 error_info_injector 84736->84699 84737->84703 84743 d6d6a 84738->84743 84741->84716 84742->84718 84744 d6d7b GetSystemTimePreciseAsFileTime 84743->84744 84745 d6d87 GetSystemTimeAsFileTime 84743->84745 84746 d3ce4 84744->84746 84745->84746 84746->84714 84750 72ca8 __EH_prolog3 84748->84750 84749 72cf7 moneypunct 84749->84724 84750->84749 84752 72c33 5 API calls 2 library calls 84750->84752 84752->84749 84753->84731 84755 102098 _free 14 API calls 84754->84755 84756 ee978 84755->84756 84756->84736 84759 7ba83 84757->84759 84758 7bba2 84922 734d0 21 API calls collate 84758->84922 84759->84758 84762 7bb9d Concurrency::cancel_current_task 84759->84762 84764 7bb64 84759->84764 84765 7bb43 84759->84765 84767 7baca __Strxfrm 84759->84767 84761 
7bb50 84763 ed60f 11 API calls 84761->84763 84761->84767 84762->84758 84766 7bbac 84763->84766 84764->84767 84769 e8713 moneypunct 27 API calls 84764->84769 84765->84762 84768 7bb4a 84765->84768 84767->84334 84770 e8713 moneypunct 27 API calls 84768->84770 84769->84767 84770->84761 84772 820f9 84771->84772 84774 82123 84771->84774 84772->84774 84923 f4ef7 84772->84923 84774->84335 84960 d3bab 84775->84960 84778 808e8 84781 808f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 84778->84781 84784 80a51 __cftof 84778->84784 84779 81045 85025 d3faf 84779->85025 84785 80911 84781->84785 84796 80fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 84781->84796 84782 8104b 84783 ed60f 11 API calls 84782->84783 84791 80f65 84783->84791 84963 83110 84784->84963 84788 7f520 28 API calls 84785->84788 84786 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84789 8103f 84786->84789 84792 80991 84788->84792 84789->84335 85040 728d1 27 API calls 3 library calls 84791->85040 84795 7e640 87 API calls 84792->84795 84798 809a4 84795->84798 84796->84786 84798->84782 84802 809ec error_info_injector 84798->84802 84801 81087 84807 ea332 CallUnexpected RaiseException 84801->84807 84804 80a1d 84802->84804 84805 80a31 84802->84805 84804->84796 84809 80a25 LocalFree 84804->84809 84805->84784 84808 80a42 LocalFree 84805->84808 84810 81098 84807->84810 84808->84784 84809->84796 84846 807cb error_info_injector 84845->84846 84847 ed60f 11 API calls 84846->84847 84848 8083b __Mtx_destroy_in_situ error_info_injector 84846->84848 84849 80884 84847->84849 84848->84335 84850 d3bab 13 API calls 84849->84850 84851 808dd 84850->84851 84852 808e8 84851->84852 84853 81045 84851->84853 84855 808f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 84852->84855 84858 80a51 __cftof 84852->84858 84854 d3faf 79 API calls 84853->84854 84856 8104b 84854->84856 84859 80911 84855->84859 84870 80fdb 
std::ios_base::_Ios_base_dtor __Mtx_unlock 84855->84870 84857 ed60f 11 API calls 84856->84857 84868 80f65 84857->84868 84861 83110 102 API calls 84858->84861 84862 7f520 28 API calls 84859->84862 84860 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 84863 8103f 84860->84863 84864 80a84 84861->84864 84865 80991 84862->84865 84863->84335 84866 80fa9 84864->84866 84873 e8713 moneypunct 27 API calls 84864->84873 84917 80c43 __Strxfrm 84864->84917 84869 7e640 87 API calls 84865->84869 85290 82b90 73 API calls error_info_injector 84866->85290 85291 728d1 27 API calls 3 library calls 84868->85291 84872 809a4 84869->84872 84870->84860 84872->84856 84876 809ec error_info_injector 84872->84876 84877 80ae1 __cftof 84873->84877 84874 789b0 27 API calls 84880 80d38 84874->84880 84875 81087 84881 ea332 CallUnexpected RaiseException 84875->84881 84878 80a1d 84876->84878 84879 80a31 84876->84879 84885 d3367 std::_Lockit::_Lockit 7 API calls 84877->84885 84878->84870 84883 80a25 LocalFree 84878->84883 84879->84858 84882 80a42 LocalFree 84879->84882 84886 72c9c 5 API calls 84880->84886 84892 80d68 84880->84892 84884 81098 84881->84884 84882->84858 84883->84870 84887 80b0d 84885->84887 84886->84892 85283 d3184 72 API calls 2 library calls 84887->85283 84888 72c9c 5 API calls 84889 80e1f 84888->84889 84899 80e6e 84889->84899 84918 82380 70 API calls 84889->84918 84891 80b55 85284 d33f6 48 API calls 4 library calls 84891->85284 84892->84866 84892->84868 84892->84888 84894 80b61 85285 73128 72 API calls 3 library calls 84894->85285 84896 80b8b 84897 d3084 std::locale::_Init 57 API calls 84896->84897 84898 80b9c 84897->84898 85286 d31e9 77 API calls 3 library calls 84898->85286 84899->84866 84901 83030 73 API calls 84899->84901 84902 80f29 84901->84902 84902->84868 84906 80f78 84902->84906 84903 80ba9 84904 80be6 84903->84904 84907 d3367 std::_Lockit::_Lockit 7 API calls 84903->84907 85287 
d5688 77 API calls 9 library calls 84904->85287 85288 7e790 34 API calls 2 library calls 84906->85288 84908 80bc5 84907->84908 84911 d33bf std::_Lockit::~_Lockit 2 API calls 84908->84911 84909 80bf7 84913 80c1e 84909->84913 84915 ee960 std::_Locinfo::~_Locinfo 14 API calls 84909->84915 84909->84917 84911->84904 84912 80f9f 85289 81740 28 API calls 84912->85289 84916 f594f _Yarn 15 API calls 84913->84916 84915->84913 84916->84917 84917->84874 84918->84899 85292 7cc80 84919->85292 84921 7cd2f error_info_injector 84921->84331 84924 f4f09 84923->84924 84927 f4f12 ___scrt_uninitialize_crt 84923->84927 84939 f4d9c 72 API calls ___scrt_uninitialize_crt 84924->84939 84926 f4f0f 84926->84774 84928 f4f23 84927->84928 84931 f4d3c 84927->84931 84928->84774 84932 f4d48 __FrameHandler3::FrameUnwindToState 84931->84932 84940 f582c EnterCriticalSection 84932->84940 84934 f4d56 84941 f4ea6 84934->84941 84938 f4d79 84938->84774 84939->84926 84940->84934 84942 f4ebc 84941->84942 84943 f4eb3 84941->84943 84952 f4e41 84942->84952 84958 f4d9c 72 API calls ___scrt_uninitialize_crt 84943->84958 84946 f4d67 84951 f4d90 LeaveCriticalSection ___scrt_uninitialize_crt 84946->84951 84948 102e1c __FrameHandler3::FrameUnwindToState 14 API calls 84949 f4ed8 84948->84949 84959 1056f0 18 API calls 3 library calls 84949->84959 84951->84938 84953 f4e59 84952->84953 84957 f4e7e 84952->84957 84954 102e1c __FrameHandler3::FrameUnwindToState 14 API calls 84953->84954 84953->84957 84955 f4e77 84954->84955 84956 105ee6 __wsopen_s 68 API calls 84955->84956 84956->84957 84957->84946 84957->84948 84958->84946 84959->84946 85041 d394b 84960->85041 85061 7be30 84963->85061 85026 d3fba 85025->85026 85027 d3fcd 85026->85027 85028 f41c9 85026->85028 85279 d3fdc 78 API calls CallUnexpected 85027->85279 85280 104be4 EnterCriticalSection LeaveCriticalSection __FrameHandler3::FrameUnwindToState 85028->85280 85031 f41ce 85032 f41d9 85031->85032 85281 104c32 48 API calls 6 library calls 85031->85281 85034 f4202 
85032->85034 85035 f41e3 IsProcessorFeaturePresent 85032->85035 85282 fe9c0 23 API calls __FrameHandler3::FrameUnwindToState 85034->85282 85036 f41ef 85035->85036 85038 ed453 __FrameHandler3::FrameUnwindToState 8 API calls 85036->85038 85038->85034 85039 f420c 85040->84801 85042 d39a1 85041->85042 85043 d3973 GetCurrentThreadId 85041->85043 85044 d39a5 GetCurrentThreadId 85042->85044 85047 d3a05 85042->85047 85045 d397e GetCurrentThreadId 85043->85045 85051 d3999 85043->85051 85056 d39b0 85044->85056 85045->85051 85046 d3a9e GetCurrentThreadId 85046->85056 85047->85046 85049 d3a25 85047->85049 85048 d3ad5 GetCurrentThreadId 85048->85051 85059 d3cfd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 85049->85059 85050 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 85053 808dd 85050->85053 85051->85050 85053->84778 85053->84779 85055 d3a55 GetCurrentThreadId 85055->85056 85057 d3a30 __Xtime_diff_to_millis2 85055->85057 85056->85048 85056->85051 85057->85051 85057->85055 85057->85056 85060 d3cfd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 85057->85060 85059->85057 85060->85057 85087 7c0c0 85061->85087 85066 7be6f 85067 7be7c 85066->85067 85096 d2bab 9 API calls 2 library calls 85066->85096 85069 7be86 85097 728d1 27 API calls 3 library calls 85069->85097 85088 e8713 moneypunct 27 API calls 85087->85088 85089 7c13a 85088->85089 85090 d3084 std::locale::_Init 57 API calls 85089->85090 85091 7be3b 85090->85091 85092 7bff0 85091->85092 85093 7c02e 85092->85093 85098 732de 85093->85098 85096->85067 85099 732ea __EH_prolog3_GS 85098->85099 85100 d3367 std::_Lockit::_Lockit 7 API calls 85099->85100 85101 732f7 85100->85101 85118 72d14 14 API calls 3 library calls 85101->85118 85103 7330e std::locale::_Locimp::_Makeushloc 85115 73320 85103->85115 85119 731d9 75 API calls 4 library calls 85103->85119 85104 
d33bf std::_Lockit::~_Lockit 2 API calls 85105 73365 85104->85105 85121 e8def 5 API calls __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 85105->85121 85108 7332e 85110 73335 85108->85110 85111 7336d 85108->85111 85120 d3052 27 API calls moneypunct 85110->85120 85122 73268 RaiseException Concurrency::cancel_current_task error_info_injector CallUnexpected 85111->85122 85114 73372 85123 d32da LCMapStringEx ___crtLCMapStringW 85114->85123 85115->85104 85117 7338d 85117->85066 85117->85069 85118->85103 85119->85108 85120->85115 85122->85114 85123->85117 85279->85027 85280->85031 85281->85032 85282->85039 85283->84891 85284->84894 85285->84896 85286->84903 85287->84909 85288->84912 85290->84870 85291->84875 85293 7cccb error_info_injector 85292->85293 85294 7cc89 85292->85294 85293->84921 85294->85293 85295 ed60f 11 API calls 85294->85295 85296 7cd1f 85295->85296 85297 7cc80 11 API calls 85296->85297 85298 7cd2f error_info_injector 85297->85298 85298->84921 85299->84351 85300 829e0 85301 82a00 85300->85301 85302 82a15 85300->85302 85303 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 85301->85303 85305 82a2b 85302->85305 85312 82a54 85302->85312 85304 82a0f 85303->85304 85307 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 85305->85307 85306 82b4c 85308 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 85306->85308 85309 82a4e 85307->85309 85310 82b60 85308->85310 85312->85306 85315 82b07 85312->85315 85317 82a86 85312->85317 85313 82ae0 85313->85306 85314 82af0 85313->85314 85316 e8367 
__ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 85314->85316 85319 82b1f 85315->85319 85321 f569d 70 API calls 85315->85321 85318 82b01 85316->85318 85317->85306 85324 f4762 52 API calls 4 library calls 85317->85324 85319->85306 85320 82b34 85319->85320 85322 e8367 __ehhandler$?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z 5 API calls 85320->85322 85321->85319 85323 82b46 85322->85323 85324->85313 85325 1061fa 85326 106206 __FrameHandler3::FrameUnwindToState 85325->85326 85327 106223 85326->85327 85328 10620c 85326->85328 85336 f582c EnterCriticalSection 85327->85336 85329 ed73d __Wcrtomb 14 API calls 85328->85329 85335 106211 __wsopen_s 85329->85335 85331 106233 85337 10627a 85331->85337 85333 10623f 85356 106270 LeaveCriticalSection ___scrt_uninitialize_crt 85333->85356 85336->85331 85338 106288 85337->85338 85339 10629f 85337->85339 85340 ed73d __Wcrtomb 14 API calls 85338->85340 85341 102e1c __FrameHandler3::FrameUnwindToState 14 API calls 85339->85341 85342 10628d __wsopen_s 85340->85342 85343 1062a9 85341->85343 85342->85333 85344 106972 18 API calls 85343->85344 85345 1062c4 85344->85345 85346 106337 85345->85346 85347 10638c 85345->85347 85355 1062ee __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 85345->85355 85349 106365 85346->85349 85351 106351 85346->85351 85348 10639a 85347->85348 85347->85349 85350 ed73d __Wcrtomb 14 API calls 85348->85350 85349->85355 85358 1063fe 18 API calls 2 library calls 85349->85358 85350->85355 85357 1065bd 24 API calls 4 library calls 85351->85357 85353 10635d 85353->85355 85355->85333 85356->85335 85357->85353 85358->85355 85363 85204 RegOpenKeyExW 85364 852e2 85363->85364 85365 85244 RegQueryValueExW 85363->85365 85367 ee960 std::_Locinfo::~_Locinfo 14 API calls 85364->85367 85366 852ca RegCloseKey 85365->85366 85373 85275 85365->85373 85366->85364 85368 8538b 
89892->89781 89893->89823 89894->89848 89895->89841 89896->89860 89897->89870 89898->89877 89899->89879 89900->89881 89901->89862

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000E88FA: EnterCriticalSection.KERNEL32(0016742C,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E8905
                                                                                                                                                                                                                          • Part of subcall function 000E88FA: LeaveCriticalSection.KERNEL32(0016742C,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E8942
                                                                                                                                                                                                                          • Part of subcall function 00094A40: _com_issue_error.COMSUPP ref: 00094AD2
                                                                                                                                                                                                                          • Part of subcall function 00094A40: SysFreeString.OLEAUT32(-00000001), ref: 00094AFD
                                                                                                                                                                                                                          • Part of subcall function 000961F0: Concurrency::cancel_current_task.LIBCPMT ref: 000962BF
                                                                                                                                                                                                                          • Part of subcall function 000E88B0: EnterCriticalSection.KERNEL32(0016742C,?,?,00084086,0016827C,001268E0,?), ref: 000E88BA
                                                                                                                                                                                                                          • Part of subcall function 000E88B0: LeaveCriticalSection.KERNEL32(0016742C,?,?,00084086,0016827C,001268E0,?), ref: 000E88ED
                                                                                                                                                                                                                          • Part of subcall function 000E88B0: RtlWakeAllConditionVariable.NTDLL ref: 000E8964
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,384F580C,?,?), ref: 000957B4
                                                                                                                                                                                                                        • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 000957C5
                                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 000957D1
                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 000957DC
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00096067
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00096085
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32 ref: 0009610F
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 0009615A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                                                                        • String ID: (error)$)$0.0.0.0$4.1.1.865$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                                                                        • API String ID: 2830066208-329860846
                                                                                                                                                                                                                        • Opcode ID: a2e62d2976bfa5157a5d7ab1b2b4332b2136c0f04aa5b46449b4cfeaf9fe446c
                                                                                                                                                                                                                        • Instruction ID: 95f7fa5f8f121bae8a4f59ae3cf704b475e52a54f13909c8a9aa0724c97a93bb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2e62d2976bfa5157a5d7ab1b2b4332b2136c0f04aa5b46449b4cfeaf9fe446c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D682F1709003849FEF25DFA4DC487AEBBB1BB45304F24421CE445AB7E2DBB59A84DB61
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F268
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F307
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F37E
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F8B0
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008FBBD
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008FDB6
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000900BA
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0009015F
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 000905D7
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00090614
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 0009086A
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000908A7
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 00090A90
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00090ACD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`ato
                                                                                                                                                                                                                        • API String ID: 1658547907-4278538183
                                                                                                                                                                                                                        • Opcode ID: 9c2d8cf93e305d8ce47130f1c73a01c167e34ba38bfe33f9bf95e965d48a194a
                                                                                                                                                                                                                        • Instruction ID: d5a02c69fe3ae6120b423a4ed1496796f16b05894839b64ad7ba281b64783e83
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c2d8cf93e305d8ce47130f1c73a01c167e34ba38bfe33f9bf95e965d48a194a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27F28A709002699FDF24EB24CD99BEEB7B5AF45304F1082E8E44DA6292DB759BC4CF50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 000A3CE8
                                                                                                                                                                                                                          • Part of subcall function 000D3084: __EH_prolog3.LIBCMT ref: 000D308B
                                                                                                                                                                                                                          • Part of subcall function 000D3084: std::_Lockit::_Lockit.LIBCPMT ref: 000D3096
                                                                                                                                                                                                                          • Part of subcall function 000D3084: std::locale::_Setgloballocale.LIBCPMT ref: 000D30B1
                                                                                                                                                                                                                          • Part of subcall function 000D3084: std::_Lockit::~_Lockit.LIBCPMT ref: 000D3107
                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 000A4934
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000A4CD5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
                                                                                                                                                                                                                        • String ID: 2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown
                                                                                                                                                                                                                        • API String ID: 3544396713-2181764886
                                                                                                                                                                                                                        • Opcode ID: 623e5f2a348a7fc2c997efbf54120d667f76ad559136443616603339abde2586
                                                                                                                                                                                                                        • Instruction ID: b403ec0c26bae709a504a38dbc0c62f96fe2a2ff202c9d89c5a3a87c693c34e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 623e5f2a348a7fc2c997efbf54120d667f76ad559136443616603339abde2586
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB137A75D012289BDB24DFA4CC49BDDB7B4AF49304F1482D9E409BB292DB74AE84CF91

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 000858AA
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 000858B4
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0008593A
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0008595C
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00085991
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 000859B5
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 000859D9
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 000859FD
                                                                                                                                                                                                                        • UuidCreate.RPCRT4(00000000), ref: 00085A41
                                                                                                                                                                                                                        • UuidCreate.RPCRT4(00000000), ref: 00085A57
                                                                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?), ref: 00085D0E
                                                                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 00085D2A
                                                                                                                                                                                                                        • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00085D43
                                                                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00085D5F
                                                                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 00085D6E
                                                                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00085D7F
                                                                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?), ref: 00085F87
                                                                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 00085FA3
                                                                                                                                                                                                                        • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00085FBC
                                                                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00085FD8
                                                                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(?), ref: 00085FE7
                                                                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00085FF8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                                                                        • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                                                                        • API String ID: 4128897270-3926088020
                                                                                                                                                                                                                        • Opcode ID: 2c29502a0313846faa418f5a9936d3642dbe5c665a61f320fc3334395d728711
                                                                                                                                                                                                                        • Instruction ID: df65eded4ddbca72a507927f395074c7dd18d8c7ee0b9f74a654c1de1439f121
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c29502a0313846faa418f5a9936d3642dbe5c665a61f320fc3334395d728711
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A524635704310AFDB249F24CC88B2ABBE6BB88711F150559FA45A73A1DB74ED428F86
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 000C1932
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 000C1DAD
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 000C1DD3
                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 000C20C4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                                                                        • String ID: to $(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range
                                                                                                                                                                                                                        • API String ID: 3662814871-412574832
                                                                                                                                                                                                                        • Opcode ID: 6b06ed8c034dbd739577dd37b07567c363200bd2598b2ebae04e3fd4db0322fd
                                                                                                                                                                                                                        • Instruction ID: fde6b03eafb574197469fbbfd2d3f6f3441f9541f61e223d595e4506847193dc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6b06ed8c034dbd739577dd37b07567c363200bd2598b2ebae04e3fd4db0322fd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D528F70A003199FEB20DF94CC85FDEB7B5AF06704F1441ADE84967282E775AA45CFA2

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 00085225
                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 00085265
                                                                                                                                                                                                                        • SetLastError.KERNEL32(0000006F,?,?,0014A17C), ref: 000852B6
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 000852C2
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 000852D0
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000852F6
                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 000853E3
                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in EXE directory), ref: 000854A1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 000853DE
                                                                                                                                                                                                                        • Software\McAfee\SystemCore, xrefs: 0008521B
                                                                                                                                                                                                                        • %ls\%ls, xrefs: 00085533
                                                                                                                                                                                                                        • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 0008549C
                                                                                                                                                                                                                        • szInstallDir32, xrefs: 0008525F
                                                                                                                                                                                                                        • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 000856B7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseDebugErrorLastOutputString$OpenQueryValue
                                                                                                                                                                                                                        • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                                                                        • API String ID: 901107078-3767168787
                                                                                                                                                                                                                        • Opcode ID: 07320eb1755678e9b97325eebe91fcb07e35d03808085dff97b0f0b7d9b7e4f4
                                                                                                                                                                                                                        • Instruction ID: b51fdda3a6bd3dac02a95684734473ca5e198e738ace6246aad470dae5097f64
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07320eb1755678e9b97325eebe91fcb07e35d03808085dff97b0f0b7d9b7e4f4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4D1B170E00619AFEF64EB64DC45BDEB7B5BF04301F0480A9E549A6282EB709E94CF91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00094B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0009521E
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00087D3D
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00087DFC
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00087DC8
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00087EBB
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • u, xrefs: 00087B57
                                                                                                                                                                                                                        • Failed to add event label (, xrefs: 00087508
                                                                                                                                                                                                                        • Failed to add reserved 2 dimension (, xrefs: 00087834
                                                                                                                                                                                                                        • Failed to add event category (, xrefs: 000871F0
                                                                                                                                                                                                                        • Failed to add reserved 5 dimension (, xrefs: 00087CFD
                                                                                                                                                                                                                        • Failed to add reserved 1 dimension (, xrefs: 0008769E
                                                                                                                                                                                                                        • Service has not been initialized, xrefs: 00087E88
                                                                                                                                                                                                                        • Failed to add event action (, xrefs: 00087379
                                                                                                                                                                                                                        • Failed to add reserved 3 dimension (, xrefs: 000879CD
                                                                                                                                                                                                                        • Failed to add reserved 4 dimension (, xrefs: 00087B63
                                                                                                                                                                                                                        • z, xrefs: 00087CF1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                        • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                                                                        • API String ID: 342047005-3525645681
                                                                                                                                                                                                                        • Opcode ID: e62a6b40f78105af3b7afb3587beaa914f63242cc1279e6baf22cdb4d91e6ea2
                                                                                                                                                                                                                        • Instruction ID: 19c5df29433b36d773678a8061ad92df9fae1a598937378aef6485871c3aa12b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e62a6b40f78105af3b7afb3587beaa914f63242cc1279e6baf22cdb4d91e6ea2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3482E270A04344DFDB18EF24C895BEE7BA4BF45304F20419CE85A5B297EB75DA44CBA2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CoCreateGuid.OLE32(?), ref: 00088FC8
                                                                                                                                                                                                                        • StringFromCLSID.OLE32(?,?), ref: 00088FE0
                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 00089138
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00089173
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000893D1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • SOFTWARE\McAfee\WebAdvisor, xrefs: 000891FB
                                                                                                                                                                                                                        • Could not create registry key , xrefs: 0008923F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                                                                        • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                                        • API String ID: 3741506170-3627174789
                                                                                                                                                                                                                        • Opcode ID: 810f1a9da4870c02b80bf2c70cc7df160156eb1955d9da58d4392bc7eba6eac2
                                                                                                                                                                                                                        • Instruction ID: 772ead55077b3c54e3ecaed23a0b321b1279f0dede478957c59f2021d9b66967
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 810f1a9da4870c02b80bf2c70cc7df160156eb1955d9da58d4392bc7eba6eac2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F810571A04205AFDB14FF64DC49BAE77E8FF44310F14862DF95A97292EB34AA04CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00074CA6
                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00074CB8
                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00074CD3
                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00074CE9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00074CFA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID: saBSI.exe
                                                                                                                                                                                                                        • API String ID: 592884611-3955546181
                                                                                                                                                                                                                        • Opcode ID: a1427d0e906dbc389238db15a8081c51dbec62654b2b58cee663ac0aa62f643c
                                                                                                                                                                                                                        • Instruction ID: 8d8fcf23a05690251c0494c25bcdc46b05821a044472d6ba360c2637f619184d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1427d0e906dbc389238db15a8081c51dbec62654b2b58cee663ac0aa62f643c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A212B72A05300AFD370EB24EC49AAF77D4EB85324F154228F959C71E1E7389D468A9A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                        • String ID: &$&$CObfuscatedIniReader cannot load file: %s$Key was not found: %s$NWebAdvisor::CSubInfoDatReader::ReadString$No section found for %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp
                                                                                                                                                                                                                        • API String ID: 54951025-2132657581
                                                                                                                                                                                                                        • Opcode ID: 68e0eae42a78bd890d0557a77d67d93bc8312a1eed3c78089920c8f47127bba0
                                                                                                                                                                                                                        • Instruction ID: 63a2426133a19bb986e47cf822116b5464ebd8533c6db6dc49787e4315e68d58
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68e0eae42a78bd890d0557a77d67d93bc8312a1eed3c78089920c8f47127bba0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4F1F270A04209DFEB50DFA8CC55B9EB7B1BF16314F14829DE809AB292EB759E44CF50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,384F580C), ref: 00084FB5
                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00084FDF
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00084FF2
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0008500B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                                        • String ID: %ls\%ls
                                                                                                                                                                                                                        • API String ID: 152501406-2125769799
                                                                                                                                                                                                                        • Opcode ID: fefcbc9358c2cec606633d8b16e9dcbf03eb7023721e0b49125076d105a4ff4f
                                                                                                                                                                                                                        • Instruction ID: 6b9c7fe57a1509c77591fdb15403104f52af017d67865f5cfb53f288ddb4c76f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fefcbc9358c2cec606633d8b16e9dcbf03eb7023721e0b49125076d105a4ff4f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2418471E006159BDB24DFA5CC467AFBAF9BB44701F24413AF405EB282EB35D9058F91
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unable to substitute the arguments, xrefs: 000BE16E
                                                                                                                                                                                                                        • NEQ, xrefs: 000BD892
                                                                                                                                                                                                                        • invalid substitutor, xrefs: 000BDB5E
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp, xrefs: 000BDB6A, 000BE17A
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied, xrefs: 000BDB65, 000BE175
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: NEQ$NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp$invalid substitutor
                                                                                                                                                                                                                        • API String ID: 0-4090108046
                                                                                                                                                                                                                        • Opcode ID: 814da2a512322fa6100a416a86adc35e49f9a281f9f0f1fcdb719a4f81474be2
                                                                                                                                                                                                                        • Instruction ID: 11f1d3fd6484b95cc2cbd4154908c3cb446cf01545a38dc32d84435bbf3ab81c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 814da2a512322fa6100a416a86adc35e49f9a281f9f0f1fcdb719a4f81474be2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E282B070E00258CBDF18CFA8C855BEDBBB1BF45304F14829DE419AB291EB75AA85CF51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0013D808,00000000,00000017,0014B024,00000000,384F580C,?,?,?,00000000,00000000,00000000,00118687,000000FF), ref: 00075C7A
                                                                                                                                                                                                                        • OleRun.OLE32(00000000), ref: 00075C89
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 542301482-0
                                                                                                                                                                                                                        • Opcode ID: b4da2857695faa8ef3961b29c11dc1b7944d1528ff31aed52861b589620083a6
                                                                                                                                                                                                                        • Instruction ID: 6ce9842bc9bc77cb0f79b3ff5ebb9734a445602eea2ed1a58fb115e91fdb6a2e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4da2857695faa8ef3961b29c11dc1b7944d1528ff31aed52861b589620083a6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86218C75A00618AFCB15CB58DC45F6EB7F9FB88B22F104169F50AA73A0DB75AD01CA60

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0009D6D0: GetModuleHandleW.KERNEL32(kernel32.dll,00074E6C,384F580C), ref: 0009D6D5
                                                                                                                                                                                                                          • Part of subcall function 0009D6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0009D6E5
                                                                                                                                                                                                                        • CoInitializeEx.COMBASE(00000000,00000000,384F580C), ref: 00074F3E
                                                                                                                                                                                                                        • CommandLineToArgvW.SHELL32(?,?), ref: 00075226
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 00075276
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 000752A8
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 000752F3
                                                                                                                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 0007535F
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002), ref: 000753AE
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000001), ref: 000758E9
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                          • Part of subcall function 0007136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000713A5
                                                                                                                                                                                                                        • CoUninitialize.OLE32(?,00000001), ref: 000758D4
                                                                                                                                                                                                                          • Part of subcall function 00086BD0: __Mtx_init_in_situ.LIBCPMT ref: 00086CC0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                                                                        • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
                                                                                                                                                                                                                        • API String ID: 126520999-360321973
                                                                                                                                                                                                                        • Opcode ID: 446e39c121d090b804b387d2ac1dbaf540d355b242ad354a49a1b043a611a20c
                                                                                                                                                                                                                        • Instruction ID: 966c44480b44e015f9347b73fdad61946bd8520b6f4d4d8102ea5a782fc68bcf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 446e39c121d090b804b387d2ac1dbaf540d355b242ad354a49a1b043a611a20c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF624D70D00248DFDF14EFA4D995BED7BB4AF04344F508059F80DA7292EB78AA48CBA5

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000AF13D
                                                                                                                                                                                                                          • Part of subcall function 000A8650: std::locale::_Init.LIBCPMT ref: 000A882F
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 000AFAC8
                                                                                                                                                                                                                          • Part of subcall function 000EE960: _free.LIBCMT ref: 000EE973
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                                                                        • String ID: <$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
                                                                                                                                                                                                                        • API String ID: 2292809486-983596374
                                                                                                                                                                                                                        • Opcode ID: f1b8df3df2ecc443df6fd021b679c6db619233b9f6e94d4b10a23f24a91b5769
                                                                                                                                                                                                                        • Instruction ID: 9da4a67ca4c7426a157c10bfac00d188576c5c030a9467a69e708ea8f472b419
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1b8df3df2ecc443df6fd021b679c6db619233b9f6e94d4b10a23f24a91b5769
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C629EB0A4061AAFDB24DB90CC45FE9B7B5BF55704F0041E8F61867292DBB0AE84CF95

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 000B683B
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000B686E
                                                                                                                                                                                                                        • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 000B6A15
                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 000B6A6B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                                                                        • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
                                                                                                                                                                                                                        • API String ID: 3946049928-1874136459
                                                                                                                                                                                                                        • Opcode ID: 7d44ce4019a90d26543a3c3ed0935dcf8a04850c72f5f2555ff9bbc1738c314c
                                                                                                                                                                                                                        • Instruction ID: 26b0f7d5f4db967b644a977e66ac1341d2c4be0c3a7a53d4a701eed492497b4b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d44ce4019a90d26543a3c3ed0935dcf8a04850c72f5f2555ff9bbc1738c314c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2102AF70A40358DADB24DF64CC5ABDDB7B0EF14708F108199E409672D2EBBA6AC8CF55

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLastError.KERNEL32(384F580C), ref: 000AEBF9
                                                                                                                                                                                                                        • GetLastError.KERNEL32(384F580C,?,00000000,?), ref: 000AEC70
                                                                                                                                                                                                                        • GetLastError.KERNEL32(384F580C,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 000AECD8
                                                                                                                                                                                                                          • Part of subcall function 000A8650: std::locale::_Init.LIBCPMT ref: 000A882F
                                                                                                                                                                                                                        • GetLastError.KERNEL32(384F580C,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 000AED2E
                                                                                                                                                                                                                        • GetLastError.KERNEL32(384F580C,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 000AED75
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                                                                        • String ID: @]$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true
                                                                                                                                                                                                                        • API String ID: 1579124236-2476229
                                                                                                                                                                                                                        • Opcode ID: 80bacfdb3ef6bb1fbe18286480d54040b90ff53f88da78e12b596c47bb7f32ab
                                                                                                                                                                                                                        • Instruction ID: 3a27dd3d9951f380bbdb2796ad6acbe41aea65ab151edabb2dc33f0bae468a25
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80bacfdb3ef6bb1fbe18286480d54040b90ff53f88da78e12b596c47bb7f32ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01C1B3F0A40758AAEB209F50CC52FE9B7B9BF15B04F404199F609771C2E7B16A84CF69

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,0014BFD0,00000000,384F580C), ref: 000ABD7A
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(00000000), ref: 000ABE57
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteExtensionFileFindPath
                                                                                                                                                                                                                        • String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create destination directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
                                                                                                                                                                                                                        • API String ID: 3618814920-733304951
                                                                                                                                                                                                                        • Opcode ID: 18bee27fbb58eb416a912a6d0b4f5706bc213fdb32a8f82b55c88427805d3a6f
                                                                                                                                                                                                                        • Instruction ID: 1c265e26e753198523ef7a787c2b3125e84595e2f2df43c5f89dd79fc6fd7f20
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18bee27fbb58eb416a912a6d0b4f5706bc213fdb32a8f82b55c88427805d3a6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31226071E00208DBEF24DFA4CC95BEEB7B5BF19304F108159E519A7282DB75AA48CF61

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00080903
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?), ref: 00080A26
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?), ref: 00080A43
                                                                                                                                                                                                                          • Part of subcall function 00072510: __EH_prolog3_catch.LIBCMT ref: 00072517
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00080B08
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00080B50
                                                                                                                                                                                                                        • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00080B86
                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 00080B97
                                                                                                                                                                                                                        • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00080BA4
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00080BC0
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00080BE1
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00080BF2
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00081017
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00081020
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockitstd::locale::_$DescriptorFreeLocalLocimp::_Lockit::_Security$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimpLocimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockNew_Stringstd::ios_base::_
                                                                                                                                                                                                                        • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                        • API String ID: 4127577005-3388121372
                                                                                                                                                                                                                        • Opcode ID: 7b3894b2aa744ba64b395e64b05c2ec4059ccccf4001b7991e51998ec5af4faa
                                                                                                                                                                                                                        • Instruction ID: 05c4269cd1e1836a911cb2a3293a5331b961dca5010dc63d9e4a807aef00c7f2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b3894b2aa744ba64b395e64b05c2ec4059ccccf4001b7991e51998ec5af4faa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7323A709002589FDB64DFA4C955BDDBBF4BF08304F1440A9E949AB392DB74AE84CF91

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,384F580C,?), ref: 000A947B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 000A948B
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?), ref: 000A94A8
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0014A52C,0014A52A), ref: 000A97C1
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,0014A52C,0014A52A), ref: 000A97CB
                                                                                                                                                                                                                        • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 000A987C
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000A989A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir, xrefs: 000A97DC, 000A98AC
                                                                                                                                                                                                                        • GetLongPathName failed (%d) for %s, xrefs: 000A98A2
                                                                                                                                                                                                                        • IsWow64Process, xrefs: 000A9485
                                                                                                                                                                                                                        • 1.1, xrefs: 000A9BCB
                                                                                                                                                                                                                        • kernel32, xrefs: 000A9472
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 000A97E1, 000A98B1
                                                                                                                                                                                                                        • GetModuleFileName failed (%d), xrefs: 000A97D2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                                                                        • String ID: 1.1$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32
                                                                                                                                                                                                                        • API String ID: 891933594-2307011595
                                                                                                                                                                                                                        • Opcode ID: 414d8951b0f99f997222a7cc718e51b96e930f504c97bb5a1909938eb5c171a1
                                                                                                                                                                                                                        • Instruction ID: a165ce3964ebbed2f830a8a327413b2cbc5e5afcc7a3fa1f9709604d787eb804
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 414d8951b0f99f997222a7cc718e51b96e930f504c97bb5a1909938eb5c171a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD729FB0A002189FDB24DFA4CC85B9DB7B5AF4A314F1041DCE209AB292DB75AE85CF55

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00096067
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00096085
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32 ref: 0009610F
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 0009615A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                                                                        • String ID: )$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                        • API String ID: 3597043392-3766208032
                                                                                                                                                                                                                        • Opcode ID: 7aec1259053232e0f5c3d551ac047abfce4a77dd49422ffc5fb86d997f688904
                                                                                                                                                                                                                        • Instruction ID: 3f3e13cd981889c58fe70123bdb2b3946c65146ca32f7bc30edfad4d60538646
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7aec1259053232e0f5c3d551ac047abfce4a77dd49422ffc5fb86d997f688904
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1AE1EFB09003449FEF29DFB4CC4879EBBB1AF41310F24821CE449AB6D2DB759A84DB51

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 000A6590
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 000A65A1
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000101), ref: 000A65B2
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 000A65E1
                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000000,?), ref: 000A660D
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000101), ref: 000A6636
                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000000,?), ref: 000A666A
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 000A6696
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 000A66A7
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 000A66B9
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 000A677C
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 000A678D
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 000A67BD
                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 000A67CE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Global$Free$Alloc
                                                                                                                                                                                                                        • String ID: Temp$`ato
                                                                                                                                                                                                                        • API String ID: 1780285237-1624478980
                                                                                                                                                                                                                        • Opcode ID: e4b9bf4561f95eebfecc8f316e1aa438f3a2f8f2fc264e05df8c4bd6954a593b
                                                                                                                                                                                                                        • Instruction ID: 55e821ed0f10d6383a875d93fbe7d8bfaf0db06c42c41ee8a13fb6dcc84795df
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4b9bf4561f95eebfecc8f316e1aa438f3a2f8f2fc264e05df8c4bd6954a593b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C714BB0E002199BDF109FE5CC84BAEB7F8AF15704F198159EC01EB241D776D945CEA0

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,?,384F580C,?,?), ref: 00084257
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001,?,?), ref: 000842BC
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000842F2
                                                                                                                                                                                                                        • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 00084367
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00084375
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008440A
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?), ref: 0008455B
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Filename for process with id , xrefs: 000844B0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                                                                        • String ID: Filename for process with id
                                                                                                                                                                                                                        • API String ID: 563014942-4200337779
                                                                                                                                                                                                                        • Opcode ID: 147f72b6f78740de7c6d161c4c6209a468722522c6c5719a286d3330551eafc2
                                                                                                                                                                                                                        • Instruction ID: 2cbcc15c5e9d8142e9609410fb816a6d12858ac877bda68613fc1cd49a5eba79
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 147f72b6f78740de7c6d161c4c6209a468722522c6c5719a286d3330551eafc2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07D1B0B0C1025ADFDB20EFA4DD45BEEB7B4FF44304F104669E449A7282EB746A48CB95

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0010FE25: CreateFileW.KERNEL32(00000000,00000000,?,00110187,?,?,00000000,?,00110187,00000000,0000000C), ref: 0010FE42
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 001101F2
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 001101F9
                                                                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00110205
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0011020F
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00110218
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00110238
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00110385
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 001103B7
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 001103BE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                        • Opcode ID: 9af34e8de870b19987de8c775e46667953abd99d5531e719e931012c42da96fb
                                                                                                                                                                                                                        • Instruction ID: f24270dafa823a4dbd39daba64fa3c0647e03e2708409ad2b27bba2bc7bb9d42
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9af34e8de870b19987de8c775e46667953abd99d5531e719e931012c42da96fb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3A12632A041459FDF1EDF68DC55BEE3BE1AB0A324F140169E811EB2D2D7B58C92CB51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E4A1
                                                                                                                                                                                                                          • Part of subcall function 0008DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008DF0C
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008E3DE
                                                                                                                                                                                                                          • Part of subcall function 0008E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E161
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008E4FB
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E665
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E6F8
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]
                                                                                                                                                                                                                        • API String ID: 1670716954-2879113573
                                                                                                                                                                                                                        • Opcode ID: aa4f3aa762276313f1671cbfeb32900be017dcd96c11c5a2c9866bbe26eafba0
                                                                                                                                                                                                                        • Instruction ID: 61299e5b98e333d2e899716f5b5be42cd5fecf9a01f0dd3fb606250536c57b67
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa4f3aa762276313f1671cbfeb32900be017dcd96c11c5a2c9866bbe26eafba0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A91E471D402589BDB14EF64DD41BEEB3B8FF15310F0041AAE909A7282EB756B48CFA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00096085
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32 ref: 0009610F
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 0009615A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: )$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                        • API String ID: 2663709405-3766208032
                                                                                                                                                                                                                        • Opcode ID: e97e9e9bfb7b8f86eb4b5c0a6002f0d48e7b8db8a608a8bc31ebcad1b6ba3373
                                                                                                                                                                                                                        • Instruction ID: 87527885ef6bf31f8cf68142ab27c4bf9a6fc57372a71834c81901d8b44dd623
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e97e9e9bfb7b8f86eb4b5c0a6002f0d48e7b8db8a608a8bc31ebcad1b6ba3373
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31B1CEB09003489FEF29DFA8CD4879DBBB2AF45304F24825CE444AB3D2DB759A85DB51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __Mtx_init_in_situ.LIBCPMT ref: 0008D1E6
                                                                                                                                                                                                                          • Part of subcall function 0007BBB0: std::locale::_Init.LIBCPMT ref: 0007BBFC
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008D6C4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • https://, xrefs: 0008D334
                                                                                                                                                                                                                        • u, xrefs: 0008D666
                                                                                                                                                                                                                        • Content-Type: application/atom+xml;type=entry;charset=utf-8, xrefs: 0008CF5D
                                                                                                                                                                                                                        • AWS m_url_aws = , xrefs: 0008D675
                                                                                                                                                                                                                        • /messages?timeout=60&api-version=2014-01, xrefs: 0008D368
                                                                                                                                                                                                                        • .servicebus.windows.net/, xrefs: 0008D348
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                                                                        • String ID: .servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$https://$u
                                                                                                                                                                                                                        • API String ID: 655687434-3999228595
                                                                                                                                                                                                                        • Opcode ID: d16117f6bd93826a848e3de04acc3a956ffccd1016d1451dc2f04879f462927a
                                                                                                                                                                                                                        • Instruction ID: 7c0d58ece059b0914af6189a010390fb574b48bf554a817d746a42952aed6d39
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d16117f6bd93826a848e3de04acc3a956ffccd1016d1451dc2f04879f462927a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA429F70900745CFDB14DF28DD45BA9B7B0BF55308F1086A9E44CAB6A2EB74AAC4CF54
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 00083E00
                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 00083F9C
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00083FCA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Error retrieving session id for generating log name., xrefs: 00083E0B
                                                                                                                                                                                                                        • UNKNOWN, xrefs: 00083DD2
                                                                                                                                                                                                                        • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 00083F81
                                                                                                                                                                                                                        • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 00083F97
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                                                                        • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                                                                        • API String ID: 1186403813-1860316991
                                                                                                                                                                                                                        • Opcode ID: c3e4ec7e268ccfae434f141e0e6f3505c6bf274c571f7dc8658270e0b02e4eb1
                                                                                                                                                                                                                        • Instruction ID: 3ecb1f16b205538d4623ddd44b3d941a04c80188ee4023df6b1bf7625f8d6a07
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3e4ec7e268ccfae434f141e0e6f3505c6bf274c571f7dc8658270e0b02e4eb1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F51B171E002159FCB18AF75DC89BAEBBB4FF84710F200629F556E6692E7749A40CBD0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00094AA5,00094AA7,00000000,00000000,384F580C,?,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5,?), ref: 000E9989
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00094AA5,?,00000000,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5), ref: 000E9A04
                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 000E9A0F
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A38
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A42
                                                                                                                                                                                                                        • GetLastError.KERNEL32(80070057,384F580C,?,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5,?), ref: 000E9A47
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A5A
                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5,?), ref: 000E9A70
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A83
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1353541977-0
                                                                                                                                                                                                                        • Opcode ID: 62fa528ef599a3fc2357f32555c229244b0085a7c17544a4464eed22a85833db
                                                                                                                                                                                                                        • Instruction ID: 438afdb2128ba813f814e7e9b427f57a1feba0e266fca2003fc1a333eab53ac7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62fa528ef599a3fc2357f32555c229244b0085a7c17544a4464eed22a85833db
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9441A1B1A00289AFD710DF6ADC45BEEBBE8AF48710F14423AF505F7292DB349841C7A5
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0007E310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0007E36C
                                                                                                                                                                                                                        • __Mtx_init_in_situ.LIBCPMT ref: 00079DD4
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0007A06D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                                                                        • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                                                                        • API String ID: 239504998-2017128786
                                                                                                                                                                                                                        • Opcode ID: 37a8322ca343701937870ab6792399d27c69074acdd13053b622b31552ed6a25
                                                                                                                                                                                                                        • Instruction ID: ae37cc340e819cd2eaa294d00d745cfbaeb62ec2d31391c071c699794f96a078
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37a8322ca343701937870ab6792399d27c69074acdd13053b622b31552ed6a25
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6C18C71D00249DFDB04DFA4C945BEEBBF4BF49304F20811AE419B7292EB79AA44CB95
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __Mtx_init_in_situ.LIBCPMT ref: 00086D7B
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00086F75
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00086F88
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                                                                        • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                                                                        • API String ID: 3676452600-816272291
                                                                                                                                                                                                                        • Opcode ID: 14e89d9a7d86ed538697594d1fa9f0bcc7c84d1aafc46820f687453095bbd124
                                                                                                                                                                                                                        • Instruction ID: 4cab60c68a6b06374bf9a2c5217756e1f97f00ffe014add9422faf0d59633ea7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14e89d9a7d86ed538697594d1fa9f0bcc7c84d1aafc46820f687453095bbd124
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9961C1B0D01305DFDB40EF64C855BEEBBB5BF44304F5080A9D805AB382EB759A48CBA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00088FB0: CoCreateGuid.OLE32(?), ref: 00088FC8
                                                                                                                                                                                                                          • Part of subcall function 00088FB0: StringFromCLSID.OLE32(?,?), ref: 00088FE0
                                                                                                                                                                                                                          • Part of subcall function 00088FB0: CoTaskMemFree.OLE32(?), ref: 00089138
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000893D1
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                                                                        • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 00085808
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00085828
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00085830
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00085839
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                                                                        • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00074C8E: GetCurrentProcessId.KERNEL32 ref: 00074CA6
                                                                                                                                                                                                                          • Part of subcall function 00074C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00074CB8
                                                                                                                                                                                                                          • Part of subcall function 00074C8E: Process32FirstW.KERNEL32(00000000,?), ref: 00074CD3
                                                                                                                                                                                                                          • Part of subcall function 00074C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 00074CE9
                                                                                                                                                                                                                          • Part of subcall function 00074C8E: CloseHandle.KERNEL32(00000000), ref: 00074CFA
                                                                                                                                                                                                                        • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 00074D88
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00074DD0
                                                                                                                                                                                                                          • Part of subcall function 0007136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000713A5
                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00074DFC
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00074E0D
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • CreateMutex failed: , xrefs: 00074DC2
                                                                                                                                                                                                                        • SaBsi.cpp, xrefs: 00074DA9
                                                                                                                                                                                                                        • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 00074D7F
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateHandleInitIos_base_dtorOnceProcess32std::ios_base::_$BeginCompleteCurrentErrorFirstInitializeLastMutexNextObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                                        • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0008CCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008CDBB
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0008F0FC
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F268
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F307
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • SOFTWARE\McAfee\WebAdvisor, xrefs: 0008F181
                                                                                                                                                                                                                        • AdhocTelemetryAWS, xrefs: 0008F1B6
                                                                                                                                                                                                                        • Querying AdhocTelemetryAWS value failed: , xrefs: 0008F217
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E161
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 0008E278
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E351
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • WinHttpCrackUrl failed for AWS: , xrefs: 0008E268
                                                                                                                                                                                                                        • Event Sender already initialized for AWS, xrefs: 0008E137
                                                                                                                                                                                                                        • Unable to open HTTP session for AWS, xrefs: 0008E327
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                        • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008DF0C
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 0008DFD7
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E0A2
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unable to open HTTP session for Azure, xrefs: 0008E078
                                                                                                                                                                                                                        • Event Sender already initialized for Azure, xrefs: 0008DEE2
                                                                                                                                                                                                                        • WinHttpCrackUrl failed for Azure: , xrefs: 0008DFC7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                        • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unable to convert XML buffer into wide characters, xrefs: 000AE6BC
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 000AE5AF, 000AE6C8
                                                                                                                                                                                                                        • a, xrefs: 000AE6A0
                                                                                                                                                                                                                        • invalid input, xrefs: 000AE5A3
                                                                                                                                                                                                                        • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 000AE5AA, 000AE6C3
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __cftoe
                                                                                                                                                                                                                        • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$a
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00075A59
                                                                                                                                                                                                                          • Part of subcall function 00075C1E: CoCreateInstance.OLE32(0013D808,00000000,00000017,0014B024,00000000,384F580C,?,?,?,00000000,00000000,00000000,00118687,000000FF), ref: 00075C7A
                                                                                                                                                                                                                          • Part of subcall function 00075C1E: OleRun.OLE32(00000000), ref: 00075C89
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 00075B97
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Failed to create Global Options object. Error , xrefs: 00075AA9
                                                                                                                                                                                                                        • i, xrefs: 00075B5D
                                                                                                                                                                                                                        • Failed to set new option. Error , xrefs: 00075B26
                                                                                                                                                                                                                        • Activation option is set successfuly, xrefs: 00075B69
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                                                                        • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 000F2461
                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000F247D
                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 000F2494
                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000F24B2
                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 000F24C9
                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000F24E7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1992179935-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __Mtx_destroy_in_situ.LIBCPMT ref: 0008085F
                                                                                                                                                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00080903
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,?), ref: 00080A26
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00081020
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 000808FE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
                                                                                                                                                                                                                        • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                        • API String ID: 4147401711-3078421892
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __Xtime_get_ticks.LIBCPMT ref: 00077FAA
                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00077FBC
                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00077FD0
                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00077FE2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                                                                        • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                                                                        • API String ID: 3638035285-2843400524
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008CDBB
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                                        • API String ID: 539357862-4010608570
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00095182
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0009521E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                                                                        • String ID: Invalid arguements passed to AddDimension$N
                                                                                                                                                                                                                        • API String ID: 4106036149-286115907
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                                                                        • API String ID: 0-2843747179
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,384F580C,00000000,00000001), ref: 000B39FC
                                                                                                                                                                                                                          • Part of subcall function 000B2820: RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,384F580C,?,?,?), ref: 000B28AC
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 000B3D36
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseInfoOpenQuery
                                                                                                                                                                                                                        • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                                                                        • API String ID: 2142960691-1550987622
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,0014BFD0,00000000,0014BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,0014BFD0,00000000,384F580C), ref: 000AFC1D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Destination directory does not exist, xrefs: 000AFC8F
                                                                                                                                                                                                                        • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 000AFC99
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 000AFC9E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                        • String ID: Destination directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                                                                        • API String ID: 3188754299-3555079292
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0007E367
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                        • API String ID: 0-3078421892
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 000A882F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 000A8AF6
                                                                                                                                                                                                                        • Failed to create log message string. Error 0x, xrefs: 000A89CF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Initstd::locale::_
                                                                                                                                                                                                                        • String ID: Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp
                                                                                                                                                                                                                        • API String ID: 1620887387-1553574442
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0007E36C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0007E367
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                        • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                        • API String ID: 3907675253-3078421892
                                                                                                                                                                                                                        • Opcode ID: b7e4250188223b97bed44137e61ae7e172c4e22898a391275f00bda8f2bad3a0
                                                                                                                                                                                                                        • Instruction ID: b5a77a444bafa71ad68d235d5b9b4fce0ddb3d6ceee82f83c4253ccb679a0082
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7e4250188223b97bed44137e61ae7e172c4e22898a391275f00bda8f2bad3a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C8160709012999BDB24DF24DD8CB9DB7B5AF85304F1086D9E00CA7291E779AB84CF54
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 0009CCBB
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0009CCEC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unable to set proxy option, error: , xrefs: 0009CCAB
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                        • String ID: Unable to set proxy option, error:
                                                                                                                                                                                                                        • API String ID: 879576418-14943890
                                                                                                                                                                                                                        • Opcode ID: cb3cb8056ba0addf823a2b6f20d11390cd6f7cd7c74d230df6776b6c0819c121
                                                                                                                                                                                                                        • Instruction ID: 35d33e79ec4b574e4c9705072c5246693e2579fd91e345437869804564cc9f89
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb3cb8056ba0addf823a2b6f20d11390cd6f7cd7c74d230df6776b6c0819c121
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45318971A043189BEF64DFA4CC05BEAB7B9EB04710F00856AE809A3690EB756A44CB61
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0010576D: GetConsoleCP.KERNEL32(?,000A860A,00000000), ref: 001057B5
                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,0015C218,384F580C,00000000,384F580C,000A860A,000A860A,000A860A,384F580C,00000000,?,000F591E,00000000,0015C218,00000010), ref: 00106129
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,000F591E,00000000,0015C218,00000010,000A860A), ref: 00106133
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00106178
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 251514795-0
                                                                                                                                                                                                                        • Opcode ID: 5046f6d7e20d56a0348106bb5c66b6397fb837855de4d6fd8a87b24d0f71ab4f
                                                                                                                                                                                                                        • Instruction ID: 4c9467e2b507cbd2b4158bd896bc2774b231ebb3fd7227f44a14d2663b5bf65a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5046f6d7e20d56a0348106bb5c66b6397fb837855de4d6fd8a87b24d0f71ab4f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0751D571A0420AAFEF14DFA4CC45BEEBBB9EF49314F140051F480AB2D2D7B19D518B60
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00000000,384F580C,0000005C,?,?,?,?,00000000,0011952D,000000FF,?,0007E09D), ref: 0007E681
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,0011952D,000000FF,?,0007E09D), ref: 0007E738
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,0011952D,000000FF,?,0007E09D), ref: 0007E742
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 674977465-0
                                                                                                                                                                                                                        • Opcode ID: 0b141c98488b05ffbc535d4950d2759b818b845dc3d23498eac5e024cb327728
                                                                                                                                                                                                                        • Instruction ID: a0e7dd536586317cf1bb930a976fd5568f4ea85fd899e02b5f29697605670af9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b141c98488b05ffbc535d4950d2759b818b845dc3d23498eac5e024cb327728
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39311671E052449BCB28DF68D888BAEB7F5FF48714F10866EE80993680D7396945CB94
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,000A860A,?,00106A9A,000A860A,0015C5B8,0000000C,00106B4C,0015C218), ref: 00106BC2
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00106A9A,000A860A,0015C5B8,0000000C,00106B4C,0015C218), ref: 00106BCC
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00106BF7
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2583163307-0
                                                                                                                                                                                                                        • Opcode ID: f60398e07ffcf8ba6ee29e55f2d3b54919b6a39cf28044ea2d3cecdcf0c2a210
                                                                                                                                                                                                                        • Instruction ID: fcc52324d7a62db6ceacf8b23f4315e43c6c90bc0432c1af3a67bd0fa75ee34c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f60398e07ffcf8ba6ee29e55f2d3b54919b6a39cf28044ea2d3cecdcf0c2a210
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 190126727092601AE6246334AC45B7E37899F93738F250259F9D9CB1C2DBF08CA18191
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,0010F765,00000008,00000000,?,?,?,001069A3,00000000,00000000,?,0010F765), ref: 0010692F
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,001069A3,00000000,00000000,?,0010F765,?,0010F765,?,00000000,00000000,00000001,?,00000008), ref: 00106939
                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00106940
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2336955059-0
                                                                                                                                                                                                                        • Opcode ID: b943c5a374bc3773ce036cbb5702ea494cf31d6f15326f89fd527dbb648e83d6
                                                                                                                                                                                                                        • Instruction ID: 88665807896d17acccad280862f4a2a5e53cbf5bd83dbad3ad3352333a41cc6a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b943c5a374bc3773ce036cbb5702ea494cf31d6f15326f89fd527dbb648e83d6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A014C32614515BFCB058F69DC05CAE3B6AEF853247240209F4929B1D0FBB0DD61C750
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4C81
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: yt
                                                                                                                                                                                                                        • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                        • Opcode ID: 88475a9524032ed7dbf7f258d5f28aa52d90e1ad2b0d668b424017210c4bb26b
                                                                                                                                                                                                                        • Instruction ID: 1a2ef9a56abc7abc1f40d2e4d4390c2ecd33e686a5d4830b275422d5200d831d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88475a9524032ed7dbf7f258d5f28aa52d90e1ad2b0d668b424017210c4bb26b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8CB012A5259600FE321452106E56C7F010CC7C0B11B30421FFC00D41529A510C490071
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4C81
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: yt
                                                                                                                                                                                                                        • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                        • Opcode ID: eaa63221d1c9258d19eae1c90c3dd1cc4d32b6254b2860c829dd7c30ded89b95
                                                                                                                                                                                                                        • Instruction ID: 55d9e7ae0ad222fa38e5dfe334dfcf85066f3b0a20463cb734fae3cf5478ded1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eaa63221d1c9258d19eae1c90c3dd1cc4d32b6254b2860c829dd7c30ded89b95
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2B01291259601FE35549204AD52D3F010CC3C0B11B30841FF800C5291DA500C050131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4C81
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: yt
                                                                                                                                                                                                                        • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                        • Opcode ID: adedcb975e03914905eb77ae809165cf3facf355d94907ff3258b4c412cdefbb
                                                                                                                                                                                                                        • Instruction ID: 279712fa8e1894c92e368a21956de113daeaebe4a57f4326548f254d4f193bdf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: adedcb975e03914905eb77ae809165cf3facf355d94907ff3258b4c412cdefbb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CB01291259700FE325492046D52D7F010CC3C0B11B30411FF800C5291DA500C490131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4C81
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: yt
                                                                                                                                                                                                                        • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                        • Opcode ID: 78ddd28d190fd3d92897f2bd19cd61009cc89d9c523bf2474c7a0fd8edda783b
                                                                                                                                                                                                                        • Instruction ID: 356d57e7c24d84393776139eafb6a473fbaa1128cd550079b67b5f592f0b604d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78ddd28d190fd3d92897f2bd19cd61009cc89d9c523bf2474c7a0fd8edda783b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDB01291259600FE325492046E52D3F010CD3D0B11B30801FF500C62D1DA510C060131
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 000C4C81
  • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
  • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
Strings
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: yt
• API String ID: 1269201914-4251244651
                                                                                                                                                                                                                        • Opcode ID: 5e8405cd3c150cfd9431ea0800c79453b4274ee90bad5448ad40108ca37b413f
                                                                                                                                                                                                                        • Instruction ID: 9a7db62cede8efa888e315d495f5d4a4106d80896d007bb4d7eca7400893a971
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e8405cd3c150cfd9431ea0800c79453b4274ee90bad5448ad40108ca37b413f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6FB01291259500FE355492046D52D3F010CC7C0B11B30811FFC00C4252DA510C050531
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: d108703a9cac74316e2df61565c45b7092bc9fcb5653c57a7f47a16f8eb4e6c3
                                                                                                                                                                                                                        • Instruction ID: 8ed6467f0215a54ff18975db746b94dfc3c7ba1a5cdd1244ef1903690ad47726
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d108703a9cac74316e2df61565c45b7092bc9fcb5653c57a7f47a16f8eb4e6c3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40B01291359501BD36146200AF12C3F021CC3C0B22370801FF802D8242D5400C065031
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: fd13a85c840c03d1792934be69fa1db999670a2f1e81d6e7da7ad8e7b750b3a2
                                                                                                                                                                                                                        • Instruction ID: 834713724e8e15d8d59b1527d07d6a52a40a95050b4438959029d6a40e7e11c7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd13a85c840c03d1792934be69fa1db999670a2f1e81d6e7da7ad8e7b750b3a2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7B01291259500FD3914A204ED12D3F031CC3C4B32370811FFC03C8341D5400C055131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: ca48b4be37e9d48dd944cceab81b6add4b23714735a2f5c2a489db307facddb3
                                                                                                                                                                                                                        • Instruction ID: 8b7d3842480fa95f6d94752f4941c66a491f5befd1eacf509878dde4e34e128e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca48b4be37e9d48dd944cceab81b6add4b23714735a2f5c2a489db307facddb3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65B0129135E500BE3514A204AE12E7F022CD3C0B22370401FF802C8341D5400C059131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: 7ece8d709afa001f5b14fd41a8bee4170ceaf4661fd8b0a234ecac77be42f7d0
                                                                                                                                                                                                                        • Instruction ID: b9a8b8d8549a2996332176ed46355f1cd4d61c6528f0bcf45b8b7f500a0e12e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ece8d709afa001f5b14fd41a8bee4170ceaf4661fd8b0a234ecac77be42f7d0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73B01291259600BD3214A204ED52D7F021CC3C0B32370421FFC03C8341D5400C495131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
  • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
  • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
Strings
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID: `ato
• API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: ef824476cc0d1c0243f588dcfcaa0bebf018a754cb40ba3257ba610e76586285
                                                                                                                                                                                                                        • Instruction ID: e509cb653ce651514f0dc72b514f10c1d60a17ce6a9203e31dc4ac1f374cc35f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef824476cc0d1c0243f588dcfcaa0bebf018a754cb40ba3257ba610e76586285
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46B01291259500BD3214A204EE12D3F021DC3C0B323B0821FF803C9341D5400C065131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: c8d545e0428f36ca6ae1eafb914da4fa39d5b251b13a53f2e38f97ffd0015b10
                                                                                                                                                                                                                        • Instruction ID: 658922dd927973bb73ecc2df12bb5f62e9e2d810e60daa13a9ae88865f744325
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8d545e0428f36ca6ae1eafb914da4fa39d5b251b13a53f2e38f97ffd0015b10
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77B0129126D500BD3114A204ED12E3F022CD3C0B32370421FF803C8341D5400C059131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: 3771d9a32cd9d09620b1a022fb43a7e4af78673e10a3eec1539f534dc8e082b2
                                                                                                                                                                                                                        • Instruction ID: cd37445a9142a84303d7a19effc1bb5245c872058443115d37727e678f20d093
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3771d9a32cd9d09620b1a022fb43a7e4af78673e10a3eec1539f534dc8e082b2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DB01291359600BD3614A204AE12D7F021CC3C0B22370411FFC12C8341D5400C495131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        • Opcode ID: 17036f2fa2e8414ea0c05a5bf975890f1d7ab73ee2e5158ad83d2e684e33d252
                                                                                                                                                                                                                        • Instruction ID: c95e3e1a38b0cc3f9b726d7ba72ac23d38c2ef74c6529852c9c9aa2c6e5ec22c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17036f2fa2e8414ea0c05a5bf975890f1d7ab73ee2e5158ad83d2e684e33d252
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCB012A1259610FD3D14A204AD52D3F021CC3C0B22370801FFC02C4341D6400C055131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4D1C
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID: `ato
                                                                                                                                                                                                                        • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 00094AD2
                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(-00000001), ref: 00094AFD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeString_com_issue_error
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 709734423-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,000A860A,00000000,?,0010610D,000A860A,000A860A,00000000,0015C218,384F580C,000A860A), ref: 00105C8C
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,0010610D,000A860A,000A860A,00000000,0015C218,384F580C,000A860A,000A860A,000A860A,384F580C,00000000,?,000F591E,00000000,0015C218), ref: 00105CB2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 442123175-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                        • InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 51270584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00094AA5,?,00000000,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5), ref: 000E9A04
                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 000E9A0F
                                                                                                                                                                                                                          • Part of subcall function 000EE960: _free.LIBCMT ref: 000EE973
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A38
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A42
                                                                                                                                                                                                                        • GetLastError.KERNEL32(80070057,384F580C,?,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5,?), ref: 000E9A47
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A5A
                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000,?,000EBE00,0015BF08,000000FE,?,00094AA5,?), ref: 000E9A70
                                                                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 000E9A83
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 878839965-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SHDeleteKeyW.SHLWAPI(?,0014BFD0,?,0009DE7B), ref: 0009DED6
                                                                                                                                                                                                                        • RegCloseKey.KERNEL32(?,?,0009DE7B), ref: 0009DEE4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseDelete
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 453069226-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,384F580C,?,?), ref: 0007DF08
                                                                                                                                                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0007E36C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4077199523-0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __wsopen_s
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3347428461-0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 0009DF45
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • PathFileExistsW.SHLWAPI(?), ref: 000B6061
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExistsFilePath
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1174141254-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00102174: RtlAllocateHeap.NTDLL(00000000,?,?,?,000E872D,?,?,0007A1ED,0000002C,384F580C), ref: 001021A6
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00105615
                                                                                                                                                                                                                          • Part of subcall function 00102098: RtlFreeHeap.NTDLL(00000000,00000000,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?), ref: 001020AE
                                                                                                                                                                                                                          • Part of subcall function 00102098: GetLastError.KERNEL32(?,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?,?), ref: 001020C0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 314386986-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,000E872D,?,?,0007A1ED,0000002C,384F580C), ref: 001021A6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                        • Opcode ID: 302a858ac60bd02eb5e797f7e409498fd1c5acbd731c81528eff30530f89b09f
                                                                                                                                                                                                                        • Instruction ID: 59901b6ae6d4721e6e3cd47a7bae34cf5fcec0c1ddd104bb46780bd49cdb9fe7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 302a858ac60bd02eb5e797f7e409498fd1c5acbd731c81528eff30530f89b09f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1E0223120422567E7323721AC08BAB3758EF413A0F110220FEC4D64D1CFF0CC8181E0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 0009E51F
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Open
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                                                                        • Opcode ID: ff21ee241786eed705268bc2b6453cab74e1d6e0902c55c7f352db8788fb354b
                                                                                                                                                                                                                        • Instruction ID: c95d7d315d6ae16f9961ee4c5ac2650e967190ef7b73689a263242585a30ecfa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff21ee241786eed705268bc2b6453cab74e1d6e0902c55c7f352db8788fb354b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8F05E31600608ABDB24CF09DC04F5EBBE8EF94710F10845EF80597250D6B0AA119B94
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000713A5
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 323602529-0
                                                                                                                                                                                                                        • Opcode ID: 74df6aac2f0916f0cb111fff8daeb2195a6d902964db32d08a9a4db607b862f6
                                                                                                                                                                                                                        • Instruction ID: 7f5df9d935c48247b85690f3b7563d41ee76841ccfae1fa6d2587a4294f873fc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74df6aac2f0916f0cb111fff8daeb2195a6d902964db32d08a9a4db607b862f6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7EF06572904658EFD705DF44DD01FDAB3ECEB08720F10462FF41193781DBB569048A94
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0009ED2F
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: 9f7860d0a33d1a7fd2a3e181e32856e2e41f62cafd48be1bbc3f3fcaa93c8411
                                                                                                                                                                                                                        • Instruction ID: 4007c70f0038aebc38bf9b0759f5a3fb23aae73efc9a77b5a1edad2cc6df4ef2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f7860d0a33d1a7fd2a3e181e32856e2e41f62cafd48be1bbc3f3fcaa93c8411
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22E0EC35240148ABDF108E84EC44FA77B6AEB94700F10C415F9084A195C372DC61AAA5
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00000000,?,00114E6A,00000000,00000000,-00000002,384F580C,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,001344E4), ref: 00114D92
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                        • Opcode ID: 40446a44cff57e54f19148ca997075e26f1251aeb37749727c8acfd7c8485715
                                                                                                                                                                                                                        • Instruction ID: b0987ec608b4ed4c5f1c4295f1763b95f507dd61481a9d0812138f44e1624268
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40446a44cff57e54f19148ca997075e26f1251aeb37749727c8acfd7c8485715
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95D05E312102081BAE580AE8B4696E633889A51F647EC0670F81E860D4E720E8D39110
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,00000000,?,00110187,?,?,00000000,?,00110187,00000000,0000000C), ref: 0010FE42
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000D2743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 000D2743
                                                                                                                                                                                                                          • Part of subcall function 000D2743: AcquireSRWLockExclusive.KERNEL32(?,000D28F1), ref: 000D2760
                                                                                                                                                                                                                        • DloadProtectSection.DELAYIMP ref: 000D26C5
                                                                                                                                                                                                                          • Part of subcall function 000D286C: DloadObtainSection.DELAYIMP ref: 000D287C
                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1209458687-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0009E8D4
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: QueryValue
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3660427363-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _free.LIBCMT ref: 000EE973
                                                                                                                                                                                                                          • Part of subcall function 00102098: RtlFreeHeap.NTDLL(00000000,00000000,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?), ref: 001020AE
                                                                                                                                                                                                                          • Part of subcall function 00102098: GetLastError.KERNEL32(?,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?,?), ref: 001020C0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1353095263-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4DAF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000C4DAF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000D14D8
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                                                                                                        • Opcode ID: 9f79db9ae15f252d720858caeaa2385901c0b268e89c5c7680335b651aeb4e35
                                                                                                                                                                                                                        • Instruction ID: f946c88fc42af215cd30dfb277dc0a5185655fec5f412b0e0c197fb73ff90dc5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f79db9ae15f252d720858caeaa2385901c0b268e89c5c7680335b651aeb4e35
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCB012B1259600FD321451517E02C7B110CC3C0F11730C01FF400D6241D9401C061131
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 000E97C4
                                                                                                                                                                                                                          • Part of subcall function 000D293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000D29AF
                                                                                                                                                                                                                          • Part of subcall function 000D293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000D29C0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                                                                                                        • Opcode ID: c9779c64314d165b5ef220bf65bf1eb12d1d361c0ac2988c22ca4af05aa2a0b1
                                                                                                                                                                                                                        • Instruction ID: 3a97515286144d92a41e324adb6605f80df2d8bcdb4517af1e2ef7ae02153523
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9779c64314d165b5ef220bf65bf1eb12d1d361c0ac2988c22ca4af05aa2a0b1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DB012A127C500BD321471156E42C3B010DC3C0B11330C42FFC10F4142B6400C0E0031
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1659193697-0
                                                                                                                                                                                                                        • Opcode ID: c00626fb98cc446a9f5f2336d8bdb852dde94e08c01dfb99124358b5579ad8f1
                                                                                                                                                                                                                        • Instruction ID: a81f4212603eee3696bc7b0ebaed29d955024ef4253ea0f4bf53212244cb4d48
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c00626fb98cc446a9f5f2336d8bdb852dde94e08c01dfb99124358b5579ad8f1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14E0ED37200119ABDB11CB89EC84D9AFBADEBD5371704403BFA0487620D772AC25DBA0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,384F580C), ref: 000A0571
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 000A05B7
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 000A05DD
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 000A05E9
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 000A05F5
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 000A0601
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 000A060D
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 000A061C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 000A0628
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 000A0634
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 000A0640
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 000A064C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 000A0658
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,FreeSid), ref: 000A0664
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 000A0670
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 000A067C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 000A0688
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,InitializeSid), ref: 000A0694
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 000A06A0
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 000A06AC
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 000A06B8
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 000A06C4
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 000A06D0
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetAce), ref: 000A06DC
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DeleteAce), ref: 000A06E8
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,EqualSid), ref: 000A06F4
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 000A0700
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 000A070F
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 000A07DE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                                                                        • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0007463F: GetProcessHeap.KERNEL32(?,?,?,0009C2E1,?,?,?,384F580C,?,00000000), ref: 00074676
                                                                                                                                                                                                                        • VariantTimeToSystemTime.OLEAUT32 ref: 000B8539
                                                                                                                                                                                                                        • GetLastError.KERNEL32(384F580C,?), ref: 000B867A
                                                                                                                                                                                                                          • Part of subcall function 00098690: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 000986D6
                                                                                                                                                                                                                          • Part of subcall function 00098690: LoadResource.KERNEL32(00000000,00000000), ref: 000986E4
                                                                                                                                                                                                                          • Part of subcall function 00098690: LockResource.KERNEL32(00000000), ref: 000986EF
                                                                                                                                                                                                                          • Part of subcall function 00098690: SizeofResource.KERNEL32(00000000,00000000), ref: 000986FD
                                                                                                                                                                                                                          • Part of subcall function 00098690: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00098764
                                                                                                                                                                                                                          • Part of subcall function 00098690: LoadResource.KERNEL32(00000000,00000000), ref: 00098776
                                                                                                                                                                                                                          • Part of subcall function 00098690: LockResource.KERNEL32(00000000), ref: 00098785
                                                                                                                                                                                                                          • Part of subcall function 00098690: SizeofResource.KERNEL32(00000000,00000000), ref: 00098797
                                                                                                                                                                                                                        • __floor_pentium4.LIBCMT ref: 000B8C83
                                                                                                                                                                                                                        • __floor_pentium4.LIBCMT ref: 000B8CDF
                                                                                                                                                                                                                        • __floor_pentium4.LIBCMT ref: 000B8D37
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Resource$__floor_pentium4$FindLoadLockSizeofTime$ErrorHeapLastProcessSystemVariant
                                                                                                                                                                                                                        • String ID: $GetAsSystemTime failed: %d$Invalid DateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute$TOMORROW$YESTERDAY$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp$epoch$failed to convert date element(s) to int: year = %s, month = %s, day = %s$failed to convert epoch date: %s$failed to parse day: %s$failed to parse month: %s$failed to parse year: %s$string %s does not have %d symbols starting index %d$yyyy
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,384F580C,00000000,?,00000000,?,000B3AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 000B2B73
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 000B2B98
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Controller), ref: 000B2BA7
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Release), ref: 000B2BC8
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 000B2C46
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 000B2CC3
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,000B3AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 000B2CCB
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Dispatcher, xrefs: 000B2B92
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 000B2CDF
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 000B2CE4
                                                                                                                                                                                                                        • Release, xrefs: 000B2BC2
                                                                                                                                                                                                                        • Controller, xrefs: 000B2B9E
                                                                                                                                                                                                                        • Failed to load library %s. Error 0x%08X, xrefs: 000B2CD5
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                                                                        • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF8)$no error
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?), ref: 00086268
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00086274
                                                                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 000863BF
                                                                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 000863DF
                                                                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 000863FC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 0008671E
                                                                                                                                                                                                                        • al exception rule %x:%x res %s, xrefs: 0008632E
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                                                                        • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                                                                        • API String ID: 3004248768-911235813
                                                                                                                                                                                                                        • Opcode ID: 1a1b93ec0274230c7ac3a14cd8e2dafe928fdf2ee9a6c45b128dfaa549579c16
                                                                                                                                                                                                                        • Instruction ID: e663c58e3d7e4de51b22758b3fa5ebda4f792ac6a33caa82a342f17065f25a7e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a1b93ec0274230c7ac3a14cd8e2dafe928fdf2ee9a6c45b128dfaa549579c16
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48F12935B012289FDB65DF14CC95BADB7B5BF48710F150099EA0AA7390DB70AE92CF90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 000867F3
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 000867FB
                                                                                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 0008687F
                                                                                                                                                                                                                        • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0008689F
                                                                                                                                                                                                                        • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 000868BC
                                                                                                                                                                                                                        • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 000868DE
                                                                                                                                                                                                                        • CryptDestroyHash.ADVAPI32(00000000), ref: 000868EF
                                                                                                                                                                                                                        • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00086902
                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00086951
                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00086980
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Freeing access handle %p, xrefs: 000867D0
                                                                                                                                                                                                                        • al exception rule %x:%x res %s, xrefs: 00086824
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                                                                        • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                                                                        • API String ID: 581428007-3582322424
                                                                                                                                                                                                                        • Opcode ID: 388002fce13f86c9fbf88ca1eff3814261b3fd3f4c9ce7ec96093ea9272517d4
                                                                                                                                                                                                                        • Instruction ID: 772098c0e903eed64949488a5e4b6dd8a46fc5f3c9e80a02d178c229708c3ca1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 388002fce13f86c9fbf88ca1eff3814261b3fd3f4c9ce7ec96093ea9272517d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1518171A00218ABEB709B60CC49FDA77FCBB04700F114295FA99E61D1DBB1AE95CF64
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000659C1
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000659C6
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00066066
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
                                                                                                                                                                                                                        • API String ID: 118556049-3423396178
                                                                                                                                                                                                                        • Opcode ID: b5cc6d1d1180a1f6cbe3b19e8916217c427ebcd1ac4a5dd14ba3642f8be66c2a
                                                                                                                                                                                                                        • Instruction ID: b81386b7980e6128495bc07c45772f96d70edce1ffe39e6c684895fd487d8879
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5cc6d1d1180a1f6cbe3b19e8916217c427ebcd1ac4a5dd14ba3642f8be66c2a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E7211B1E04254DFEB24CF34CC157AE77B6EB19314F24422DE82AE7291EB759A84CB41
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006ABD1
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006ABD6
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006B256
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
                                                                                                                                                                                                                        • API String ID: 118556049-3423396178
                                                                                                                                                                                                                        • Opcode ID: b4613aa7d8a29e1831192b3dd9ab5182896f8ca118e995b64f6a73cd206a83f6
                                                                                                                                                                                                                        • Instruction ID: 18dbe7abb027c20da59dbb9bfc0e2e21c8a13c969c6d47bbbbf2dbe936c8cd57
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4613aa7d8a29e1831192b3dd9ab5182896f8ca118e995b64f6a73cd206a83f6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7972F2B1E04254CFDB24DF24CC557AE77B6FB0A304F20462DE42AE7292EB759A84CB51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000630C1
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000630C6
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00063746
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
                                                                                                                                                                                                                        • API String ID: 118556049-3423396178
                                                                                                                                                                                                                        • Opcode ID: b22a3a5c89c4bbaf6b2732d0b549581c09d9966a52e0dda1e7ff3a095fd08bca
                                                                                                                                                                                                                        • Instruction ID: 6f7b14199f0417945313c6004fa35c3fc6b861e2264d88fddca27f3b86cb95db
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b22a3a5c89c4bbaf6b2732d0b549581c09d9966a52e0dda1e7ff3a095fd08bca
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C7215B1D04254CFEB24CF24CC557AE77F6EF48314F20462DE45AA7292EB75AA84CB81
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006D501
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006D506
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006DB86
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
                                                                                                                                                                                                                        • API String ID: 118556049-3423396178
                                                                                                                                                                                                                        • Opcode ID: c44c09330be3cda41ddcd44fa364874f65af5a4f074bc7b12373e6d811969c8a
                                                                                                                                                                                                                        • Instruction ID: bb51d4bc2a225aa8b3e10a03df631639972d41997854fb9b8a744bdad1d8467b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c44c09330be3cda41ddcd44fa364874f65af5a4f074bc7b12373e6d811969c8a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 387223B1E04254CFDB24CF24CC157AE77B5EF19314F20462EE82AAB691EB759A84CB41
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006FDF1
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0006FDF6
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00070476
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
                                                                                                                                                                                                                        • API String ID: 118556049-3423396178
                                                                                                                                                                                                                        • Opcode ID: 152fc6c320d41e2d2abb39dc2062022a5f0051e9b28316cba462e0416e21701f
                                                                                                                                                                                                                        • Instruction ID: 9921a81ac0f55f643476871ed6c0395d6cd48b97bab002d918a1bc47327939b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 152fc6c320d41e2d2abb39dc2062022a5f0051e9b28316cba462e0416e21701f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5172F1B1E00255DFDB24CF24DC157BEB7B5BB09314F20822DE46AA7391EB75AA84CB41
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unable to substitute the arguments, xrefs: 000BB077
                                                                                                                                                                                                                        • Unknown comparison operator: %s, xrefs: 000BA94F
                                                                                                                                                                                                                        • failed to parse date from value: %s, xrefs: 000BA63C
                                                                                                                                                                                                                        • [DATE:TODAY], xrefs: 000BAA28
                                                                                                                                                                                                                        • stol argument out of range, xrefs: 000BA991
                                                                                                                                                                                                                        • NEQ, xrefs: 000BA8CD
                                                                                                                                                                                                                        • invalid substitutor, xrefs: 000BA9F8
                                                                                                                                                                                                                        • invalid stol argument, xrefs: 000BA987
                                                                                                                                                                                                                        • failed to parse date from name: %s, xrefs: 000BA5B2
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp, xrefs: 000BA95B, 000BAA04, 000BB083
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl, xrefs: 000BA956
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied, xrefs: 000BA9FF, 000BB07E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$SystemVariant
                                                                                                                                                                                                                        • String ID: NEQ$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$Unknown comparison operator: %s$[DATE:TODAY]$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp$failed to parse date from name: %s$failed to parse date from value: %s$invalid stol argument$invalid substitutor$stol argument out of range
                                                                                                                                                                                                                        • API String ID: 352189841-3100175478
                                                                                                                                                                                                                        • Opcode ID: c380c56fc3c14ea6420c2a36232cdd0b94a9ce977e4139e9a1ed3c26a2b52d01
                                                                                                                                                                                                                        • Instruction ID: de4fb8945dbd9c2d999913fe8fbd8fb25f79b8b22eba60f25ac0bbaa7cb5ec18
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c380c56fc3c14ea6420c2a36232cdd0b94a9ce977e4139e9a1ed3c26a2b52d01
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED72A271E10308DADF65DFA8C851BEEB7B4BF16304F108259E419BB282EB746A85CF51
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: Encountered SEND_EVENT, but no event reporter was defined$Invalid$Invalid arguments passed to SEND_EVENT command$NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute$Name$Unable to substitute variables for the SEND_EVENT command$Unexpected call to legacy SEND_EVENT command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp$default$invalid substitutor
                                                                                                                                                                                                                        • API String ID: 0-494503603
                                                                                                                                                                                                                        • Opcode ID: c35a9a2dbada716a7b8e4d9cb9695f0817f514dc0d9e510920cc32e2582f50d9
                                                                                                                                                                                                                        • Instruction ID: 94d7765c7d2d39b10cd87be4f044b01aa111afe7724d4905ef1d862dd76599d1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c35a9a2dbada716a7b8e4d9cb9695f0817f514dc0d9e510920cc32e2582f50d9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6027D70E44208ABDB14DF90C996FEEB7B4AF19704F144058F5057B6C2DBB6AE08CBA5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: @$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$^$alpha
                                                                                                                                                                                                                        • API String ID: 0-4118445655
                                                                                                                                                                                                                        • Opcode ID: 0bb04c20a8c701b1244e97347f5a2470428c1c192e1853afec4967bd6089be2b
                                                                                                                                                                                                                        • Instruction ID: 6a9050c96a141f6dfc023fb97983538b55083069e9729ba22ad06a28bd2250df
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0bb04c20a8c701b1244e97347f5a2470428c1c192e1853afec4967bd6089be2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F427E74D083588BDF79CFA4C884BADBBB1AF06304F28419DD98AAB252D7319D85CF51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                        • Opcode ID: 130241b7eaca01c111c1f62d841b4f6a38a82a9b6c050d856b7db44609a66f37
                                                                                                                                                                                                                        • Instruction ID: 3a80fea6c3d882260ed5daeabb3023e9b39b56f39fc4d93cd13a7632b8bf5cec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 130241b7eaca01c111c1f62d841b4f6a38a82a9b6c050d856b7db44609a66f37
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9C24B71E046288FDB24CE69DD407E9B7F5EB48304F1545EAD88EE7281E7B5AE818F40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,0010D124,00000002,00000000,?,?,?,0010D124,?,00000000), ref: 0010CE9F
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,0010D124,00000002,00000000,?,?,?,0010D124,?,00000000), ref: 0010CEC8
                                                                                                                                                                                                                        • GetACP.KERNEL32(?,?,0010D124,?,00000000), ref: 0010CEDD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                                                                        • Opcode ID: 8e797e5194b310458fade7922bfb0e1261e4edfecf2997cb97b72ac214955411
                                                                                                                                                                                                                        • Instruction ID: b5df0cede4951791d80cba5f8e26a1643f9f4cd0857d8de9bf1c3aa3df0d82b4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e797e5194b310458fade7922bfb0e1261e4edfecf2997cb97b72ac214955411
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB21F832600101ABDB34CF24C900BA77BA6AF60F54B574634E98AD7290E7B2DE41DFD0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: expected ' or "$expected =$expected >$expected element name$invalid numeric character entity$unexpected end of data
                                                                                                                                                                                                                        • API String ID: 0-1758782166
                                                                                                                                                                                                                        • Opcode ID: 6e84446af2b9bba67f2250198addc9a14ad5af32010574f17d6c8c715ca56eba
                                                                                                                                                                                                                        • Instruction ID: e8c66a6b729d397f3ba103373baeab3e3e962b9a59ec488401a5c36e32b32f9a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e84446af2b9bba67f2250198addc9a14ad5af32010574f17d6c8c715ca56eba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB0235B05002009FCB28CF69C49177ABBF5FF1A304F28859EE48A8F692E775D945CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: _free.LIBCMT ref: 00101D0B
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: _free.LIBCMT ref: 00101D41
                                                                                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0010D0E7
                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 0010D130
                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 0010D13F
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0010D187
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0010D1A6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 949163717-0
                                                                                                                                                                                                                        • Opcode ID: dadf4f487823e73f344d493ddfa3a6347e1a4602c194b5f1c8ee00b9ded13b5e
                                                                                                                                                                                                                        • Instruction ID: 324d5b92839b5802927524de6f9ec6609b84169b4094bcd6e441faabdd3d4d00
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dadf4f487823e73f344d493ddfa3a6347e1a4602c194b5f1c8ee00b9ded13b5e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B951B071A00206AFDB20DFE4DC41ABA77B8BF15700F154569F994EB1D4EBF09941CBA1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ERCP$PCRE$VUUU$VUUU$VUUU
                                                                                                                                                                                                                        • API String ID: 0-663802839
                                                                                                                                                                                                                        • Opcode ID: 4779a836a905cd0484fa5157afdf84fe221e6a5699075ea38211f00d52ce6997
                                                                                                                                                                                                                        • Instruction ID: b692f3af86790d4ae2d144c7da3496f0216122d44b4cf4c274a91bb0033d6cc7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4779a836a905cd0484fa5157afdf84fe221e6a5699075ea38211f00d52ce6997
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7824771A003598BDB64CF28C8847EDB7F2BB49314F1442AAD85DAB381DB719E85CF61
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: #$($?$n
                                                                                                                                                                                                                        • API String ID: 0-1429268647
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 000E93FE
                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 000E94CA
                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 000E94EA
                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 000E94F4
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: )$)$:$\b(?=\w)
                                                                                                                                                                                                                        • API String ID: 0-1096454370
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: _free.LIBCMT ref: 00101D0B
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: _free.LIBCMT ref: 00101D41
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0010CAD4
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0010CB1E
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0010CBE4
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3140898709-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,001680CC), ref: 000ED54B
                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,001680CC), ref: 000ED555
                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,001680CC), ref: 000ED562
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,000FE8FD,00000002,00000002,?,00000002), ref: 000FE920
                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,000FE8FD,00000002,00000002,?,00000002), ref: 000FE927
                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 000FE939
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000991DE
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0009952E
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 118556049-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,000F5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480), ref: 0010703D
                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(?,?,000F5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480,?), ref: 00107054
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebugDebuggerOutputPresentString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4086329628-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001014AA,?,?,00000008,?,?,00110D68,00000000), ref: 001016DC
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 000E922B
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2325560087-0
                                                                                                                                                                                                                        • Opcode ID: 4e8a85dc6f634eede0550efd0ffde83425c59515405e451562e3927c50f4fe55
                                                                                                                                                                                                                        • Instruction ID: f957c6cf5336e72f5dc3234438d04996b8bff8e2456c8f480f06a83baa7d3d0d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4e8a85dc6f634eede0550efd0ffde83425c59515405e451562e3927c50f4fe55
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8519FB1A10205DFEB15CF66D9857AEBBF0FB48315F24856ED405EB6A0D3B49D80CB50
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 1.3.6.1.4.1.311.2.4.1
                                                                                                                                                                                                                        • API String ID: 0-146536318
                                                                                                                                                                                                                        • Opcode ID: ffa4680c2292f39596adae627485d383ff772deab4a5d2e5845f5f6cdf4c33be
                                                                                                                                                                                                                        • Instruction ID: 805992045e0b3ef9bfa7d0d44e1dd9d9027e3ad829af466e1cadfaed3f55b6f9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffa4680c2292f39596adae627485d383ff772deab4a5d2e5845f5f6cdf4c33be
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14D159B5D0021A9FCB24DF68CC85BEEBBF5EF49710F1041A9E819A7251D771AA44CFA0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: _free.LIBCMT ref: 00101D0B
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: _free.LIBCMT ref: 00101D41
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0010CD34
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2003897158-0
                                                                                                                                                                                                                        • Opcode ID: 2c81040bea059328304d4dcd2494a51696173f466c19a1dd88cbe6cb6843bbc8
                                                                                                                                                                                                                        • Instruction ID: bd489565265bc9d043c96c5a2a1f15aab99d78f3682be280b9e163ef02fbdf1a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c81040bea059328304d4dcd2494a51696173f466c19a1dd88cbe6cb6843bbc8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E021D772610206ABDB289B69DC42AFA7BACEF54304F10017AFD46D61C1EBB5DD449FD0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0010CA80,00000001,00000000,?,-00000050,?,0010D0BB,00000000,?,?,?,00000055,?), ref: 0010C9C4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                                                                        • Opcode ID: adffa41e1e8cb041156901f97d37520592bfe09e053201e4619d04f40fc2ee8f
                                                                                                                                                                                                                        • Instruction ID: 1365e0606be2a92dded1ebe8c0c8565ffca855d0dc08f7568e9d33c4d22dc3ef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: adffa41e1e8cb041156901f97d37520592bfe09e053201e4619d04f40fc2ee8f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7611E9372007059FDB189F39C8915BAB791FF8435DB18452DE9C787A80D7B1A942CB80
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0010CC9C,00000000,00000000,?), ref: 0010CF38
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3736152602-0
                                                                                                                                                                                                                        • Opcode ID: 9cb2109ea7aa7df82bbcabec72961fd6bf6735ac2a19ad55945fd7eb26477971
                                                                                                                                                                                                                        • Instruction ID: e421df5c53056319bbbb2bc8ec14fcbbc8f9f4f610a062b4e125f6433df6766e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9cb2109ea7aa7df82bbcabec72961fd6bf6735ac2a19ad55945fd7eb26477971
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67F0F932600113BBDB285764D805BBA7B59EB40758F154624ED95E31C0EBB4FE41CDD1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0010CCE0,00000001,?,?,-00000050,?,0010D07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0010CA37
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0010C860,00000001,?,?,?,0010D0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0010C93E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00100C61,?,20001004,00000000,00000002,?,?,0010024C), ref: 0010460E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,000E8A95), ref: 000E958B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                        • API String ID: 0-336475711
                                                                                                                                                                                                                        • Opcode ID: 6fb12508065116c46aef4a98da073f7502f6843de2b66f53b6b35887674a1261
                                                                                                                                                                                                                        • Instruction ID: b4650ef2674748c61238e3a82f60ade33b3ff1c8bd61cbfcfe4e510543e58fbe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fb12508065116c46aef4a98da073f7502f6843de2b66f53b6b35887674a1261
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D41EBA6A01248EFEB019F5994A3BDFBBB4EB62700F44409DD9042F383D575871BC7A2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000E88FA: EnterCriticalSection.KERNEL32(0016742C,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E8905
                                                                                                                                                                                                                          • Part of subcall function 000E88FA: LeaveCriticalSection.KERNEL32(0016742C,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E8942
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,?,?,0009C2E1,?,?,?,384F580C,?,00000000), ref: 00074676
                                                                                                                                                                                                                          • Part of subcall function 000E88B0: EnterCriticalSection.KERNEL32(0016742C,?,?,00084086,0016827C,001268E0,?), ref: 000E88BA
                                                                                                                                                                                                                          • Part of subcall function 000E88B0: LeaveCriticalSection.KERNEL32(0016742C,?,?,00084086,0016827C,001268E0,?), ref: 000E88ED
                                                                                                                                                                                                                          • Part of subcall function 000E88B0: RtlWakeAllConditionVariable.NTDLL ref: 000E8964
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 325507722-0
                                                                                                                                                                                                                        • Opcode ID: 0e8d9274a268f6247b1cab97c5f805d54e7add611d20ff554b07d5057c677e3e
                                                                                                                                                                                                                        • Instruction ID: 5dcae7e33b8cfe64494f7f2a1957c2ee4bfec9aeb68eff90831b35f3ae1dab93
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e8d9274a268f6247b1cab97c5f805d54e7add611d20ff554b07d5057c677e3e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B11E671518644DFDB609B29FE06742B3E0A744324F154B19FA0CE76A3CFB458CC8B19
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • GetSystemTimePreciseAsFileTime, xrefs: 00104629
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                        • API String ID: 0-595813830
                                                                                                                                                                                                                        • Opcode ID: 57e21bb213ed10b85ce7c9f2720221bb353f79c99342bf2b8e99c0654948cf41
                                                                                                                                                                                                                        • Instruction ID: b40c5e045e52edfa3818a88f4caf7ccdcbfe101cf40cf1c61f0c7fde941efb92
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57e21bb213ed10b85ce7c9f2720221bb353f79c99342bf2b8e99c0654948cf41
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7EE0C232B8022473C23036906C06FAA7F84DB50BB2F440022FF0566A9197B148A186E9
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                                                                        • Instruction ID: 376d7daca5838c92f07200c351ea84c3978355ed64f99302b4fe1e49387b4cd0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B325FB3F515145BDB0CCE5DCC927ECB3E3AF98214B0E813DA81AD7345EA78D9158A84
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 1ab441e18378ce3b30e164295f00c3f7659757cd6a75728d8a474aed61d5a380
                                                                                                                                                                                                                        • Instruction ID: 6bdba4f60c49c252ad7f766323f05fcfdc6235e6799fe5c2fcee8bd872222a7e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ab441e18378ce3b30e164295f00c3f7659757cd6a75728d8a474aed61d5a380
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B32FF32D29F414DD7239634C822336A249AFB73D5F15D727F89AB5EAAEF6984C34100
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 000D6AB6
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 000D6AC4
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 000D6AD5
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 000D6AE6
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 000D6AF7
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 000D6B08
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 000D6B19
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 000D6B2A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 000D6B3B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 000D6B4C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 000D6B5D
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 000D6B6E
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 000D6B7F
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 000D6B90
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 000D6BA1
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 000D6BB2
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 000D6BC3
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 000D6BD4
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 000D6BE5
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 000D6BF6
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 000D6C07
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 000D6C18
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 000D6C29
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 000D6C3A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 000D6C4B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 000D6C5C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 000D6C6D
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 000D6C7E
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 000D6C8F
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 000D6CA0
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 000D6CB1
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 000D6CC2
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 000D6CD3
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 000D6CE4
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 000D6CF5
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 000D6D06
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 000D6D17
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 000D6D28
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 000D6D39
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 000D6D4A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 000D6D5B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                        • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 667068680-295688737
                                                                                                                                                                                                                        • Opcode ID: be8d6fb79135ad999637cb5324622e819dabe3bb576e564db0329102cfda8490
                                                                                                                                                                                                                        • Instruction ID: a4d8ce0a5febe6b7994c871fd437f5a23cc1fadd3fb122c3e8e680741d013571
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be8d6fb79135ad999637cb5324622e819dabe3bb576e564db0329102cfda8490
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0615671A96310BBD7506FB4AC5DE963EE8BB09B0A704196EF101D39E0D7F440A2CF98
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000DE2B8
                                                                                                                                                                                                                        • ctype.LIBCPMT ref: 000DE2FF
                                                                                                                                                                                                                          • Part of subcall function 00073055: __Getctype.LIBCPMT ref: 00073064
                                                                                                                                                                                                                          • Part of subcall function 000D7FAF: __EH_prolog3.LIBCMT ref: 000D7FB6
                                                                                                                                                                                                                          • Part of subcall function 000D7FAF: std::_Lockit::_Lockit.LIBCPMT ref: 000D7FC0
                                                                                                                                                                                                                          • Part of subcall function 000D7FAF: std::_Lockit::~_Lockit.LIBCPMT ref: 000D8031
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE30D
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE324
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE36B
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE39E
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE3F0
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE405
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE424
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE443
                                                                                                                                                                                                                        • collate.LIBCPMT ref: 000DE44D
                                                                                                                                                                                                                        • __Getcoll.LIBCPMT ref: 000DE48F
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE4BA
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE4FB
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE510
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE559
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE58C
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE5E7
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE643
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE696
                                                                                                                                                                                                                          • Part of subcall function 000D8203: __EH_prolog3.LIBCMT ref: 000D820A
                                                                                                                                                                                                                          • Part of subcall function 000D8203: std::_Lockit::_Lockit.LIBCPMT ref: 000D8214
                                                                                                                                                                                                                          • Part of subcall function 000D8203: std::_Lockit::~_Lockit.LIBCPMT ref: 000D8285
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE6B5
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE707
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE74C
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE761
                                                                                                                                                                                                                          • Part of subcall function 000D87D5: __EH_prolog3.LIBCMT ref: 000D87DC
                                                                                                                                                                                                                          • Part of subcall function 000D87D5: std::_Lockit::_Lockit.LIBCPMT ref: 000D87E6
                                                                                                                                                                                                                          • Part of subcall function 000D87D5: std::_Lockit::~_Lockit.LIBCPMT ref: 000D8857
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE780
                                                                                                                                                                                                                          • Part of subcall function 000D7C31: __EH_prolog3.LIBCMT ref: 000D7C38
                                                                                                                                                                                                                          • Part of subcall function 000D7C31: std::_Lockit::_Lockit.LIBCPMT ref: 000D7C42
                                                                                                                                                                                                                          • Part of subcall function 000D7C31: std::_Lockit::~_Lockit.LIBCPMT ref: 000D7CB3
                                                                                                                                                                                                                        • codecvt.LIBCPMT ref: 000DE7B5
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE7BF
                                                                                                                                                                                                                          • Part of subcall function 000D86AB: __EH_prolog3.LIBCMT ref: 000D86B2
                                                                                                                                                                                                                          • Part of subcall function 000D86AB: std::_Lockit::_Lockit.LIBCPMT ref: 000D86BC
                                                                                                                                                                                                                          • Part of subcall function 000D86AB: std::_Lockit::~_Lockit.LIBCPMT ref: 000D872D
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE677
                                                                                                                                                                                                                          • Part of subcall function 000D5688: Concurrency::cancel_current_task.LIBCPMT ref: 000D5748
                                                                                                                                                                                                                          • Part of subcall function 000D5688: __EH_prolog3.LIBCMT ref: 000D5755
                                                                                                                                                                                                                          • Part of subcall function 000D5688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 000D5781
                                                                                                                                                                                                                          • Part of subcall function 000D5688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 000D578C
                                                                                                                                                                                                                          • Part of subcall function 000D8298: __EH_prolog3.LIBCMT ref: 000D829F
                                                                                                                                                                                                                          • Part of subcall function 000D8298: std::_Lockit::_Lockit.LIBCPMT ref: 000D82A9
                                                                                                                                                                                                                          • Part of subcall function 000D8298: std::_Lockit::~_Lockit.LIBCPMT ref: 000D831A
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE658
                                                                                                                                                                                                                          • Part of subcall function 000D5688: __EH_prolog3.LIBCMT ref: 000D568F
                                                                                                                                                                                                                          • Part of subcall function 000D5688: std::_Lockit::_Lockit.LIBCPMT ref: 000D5699
                                                                                                                                                                                                                          • Part of subcall function 000D5688: std::_Lockit::~_Lockit.LIBCPMT ref: 000D573D
                                                                                                                                                                                                                          • Part of subcall function 000D80D9: __EH_prolog3.LIBCMT ref: 000D80E0
                                                                                                                                                                                                                          • Part of subcall function 000D80D9: std::_Lockit::_Lockit.LIBCPMT ref: 000D80EA
                                                                                                                                                                                                                          • Part of subcall function 000D80D9: std::_Lockit::~_Lockit.LIBCPMT ref: 000D815B
                                                                                                                                                                                                                        • numpunct.LIBCPMT ref: 000DE6F7
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE4A3
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000DE7D4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypeLocinfoLocinfo::~_Makeloccodecvtcollatectypenumpunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3784148211-0
                                                                                                                                                                                                                        • Opcode ID: fbd0062e556657253dfdba71ca4066dea660d99a9d01e517226a9c8054f60b12
                                                                                                                                                                                                                        • Instruction ID: 2ad51460ed6204a0da3d63edb37550a181d15e6f9aae0df747a832fa1a501c2f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fbd0062e556657253dfdba71ca4066dea660d99a9d01e517226a9c8054f60b12
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53E17EB0C05355AEDB247F64CD4AAFE3AA4EF41354F15842AF8086B383EB758D1097B2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • invalid substitutor, xrefs: 000C07C5
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 000C08E5, 000C0962, 000C09A7, 000C09DE, 000C0A19, 000C0A49
                                                                                                                                                                                                                        • Unable to create destination directory (%d), xrefs: 000C099B
                                                                                                                                                                                                                        • Failed to extract cab (%s), xrefs: 000C09D2
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 000C095D, 000C09A2, 000C09D9, 000C0A14
                                                                                                                                                                                                                        • Source, xrefs: 000C07D1
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 000C08E0, 000C0A44
                                                                                                                                                                                                                        • Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 000C0A31
                                                                                                                                                                                                                        • DestDir, xrefs: 000C0813
                                                                                                                                                                                                                        • Unable to verify signature for file: %s, xrefs: 000C0956
                                                                                                                                                                                                                        • DeleteFile, xrefs: 000C086B
                                                                                                                                                                                                                        • Unable to substitute DeleteFile attribute, xrefs: 000C08BC
                                                                                                                                                                                                                        • Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 000C0A3D, 000C0A42
                                                                                                                                                                                                                        • Failed to delete src cab (%d), xrefs: 000C0A0D
                                                                                                                                                                                                                        • Failed to parse DeleteFile as a boolean - default to false, xrefs: 000C08D9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                                        • API String ID: 0-2605792675
                                                                                                                                                                                                                        • Opcode ID: c580165309d50947c18a72905f1bf9502e5530bb14dcc4dc10a582ba14056cc0
                                                                                                                                                                                                                        • Instruction ID: f138f5df8db2d68dab1e12f0a28e8f27b3595a5e6d1a2fb9568a465d070a804d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c580165309d50947c18a72905f1bf9502e5530bb14dcc4dc10a582ba14056cc0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6191CC71A40304EBEF14DF94D856FEEBBB5AF15705F04002DF50567282EBB5A948CBA2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0008DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008DF0C
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008A143
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008A1AA
                                                                                                                                                                                                                          • Part of subcall function 0008E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E161
                                                                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0008A1C1
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0008A1DD
                                                                                                                                                                                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 0008A24C
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0008A268
                                                                                                                                                                                                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 0008A410
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 0008A46F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                                                                        • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                                                                        • API String ID: 1380281556-3274429967
                                                                                                                                                                                                                        • Opcode ID: 72f3f0e7292e94979c27b6eb84bc43e1645721c07ed646d0380deecd3d916221
                                                                                                                                                                                                                        • Instruction ID: 9b2213399102e62eeb49dbb8a08c1b78c1aef0b25753cb6af279f62f9a4cb430
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72f3f0e7292e94979c27b6eb84bc43e1645721c07ed646d0380deecd3d916221
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4B10470E002099BEF54EF64CC56BEEB7B5FF40310F00816AE409676C2EB756A59CB92
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,384F580C,000000FF,00000000,00000000,0011DF30,000000FF), ref: 000C0FE8
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 000C0FF8
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,384F580C,000000FF,00000000,00000000,0011DF30,000000FF), ref: 000C1037
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000C1058
                                                                                                                                                                                                                        • GetFileSize.KERNEL32(?,?), ref: 000C1088
                                                                                                                                                                                                                        • CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 000C109C
                                                                                                                                                                                                                        • MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 000C10D9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 000C10F0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Failed to open the file: %d, xrefs: 000C105F
                                                                                                                                                                                                                        • NWebAdvisor::CFileMemMap::Init, xrefs: 000C1066, 000C1108
                                                                                                                                                                                                                        • kernel32.dll, xrefs: 000C0FE3
                                                                                                                                                                                                                        • Failed to map file to memory, xrefs: 000C1101
                                                                                                                                                                                                                        • CreateFileTransactedW, xrefs: 000C0FF2
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 000C106B, 000C110D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
                                                                                                                                                                                                                        • String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 2423579280-2843467768
                                                                                                                                                                                                                        • Opcode ID: 08ae9d7f186a00f574ead3cec56e09332de4e89ebd7f8705ea3dec6f224701e4
                                                                                                                                                                                                                        • Instruction ID: 18c340bb56538d9b4171e9984df93ca3795a0ea463c6eadaee66c797a2b5322a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08ae9d7f186a00f574ead3cec56e09332de4e89ebd7f8705ea3dec6f224701e4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11419370B40301BBEB309F649C46FAE77E4BB05B14F204629FA15A76C2D7F4A991CB94
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,384F580C), ref: 000C30F1
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000008), ref: 000C317C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 000C3108, 000C3163, 000C31A9, 000C31D1
                                                                                                                                                                                                                        • Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 000C31BC
                                                                                                                                                                                                                        • Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 000C31C5
                                                                                                                                                                                                                        • Error (%d) deleting registry value (%s) in key: %s, xrefs: 000C319D
                                                                                                                                                                                                                        • Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 000C3157
                                                                                                                                                                                                                        • Key, xrefs: 000C3013
                                                                                                                                                                                                                        • Error opening HKLM registry key: %d, xrefs: 000C30FC
                                                                                                                                                                                                                        • Invalid substitutor, xrefs: 000C3005
                                                                                                                                                                                                                        • Name, xrefs: 000C3055
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 000C3103, 000C315E, 000C31A4, 000C31CC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpen
                                                                                                                                                                                                                        • String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
                                                                                                                                                                                                                        • API String ID: 47109696-1081640057
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,0015F278,00000023,00000001,00000004,00000000,00000000), ref: 000A8462
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(0015F278,00000000,0015F278,00000104,\McAfee\), ref: 000A8491
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000A849D
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(0015F278,00000000,0015F278,00000104,0015F070), ref: 000A84C5
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000A84CB
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00000104), ref: 000A84FC
                                                                                                                                                                                                                        • StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 000A8511
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(0015F278,00000000,0015F278,00000104,00000000), ref: 000A852E
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000A8534
                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 000A85B9
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                                                                        • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                                                                        • API String ID: 922589859-3713371193
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$Info
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2509303402-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008E8A8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`ato
                                                                                                                                                                                                                        • API String ID: 539357862-423899989
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000B0490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 000B04AA
                                                                                                                                                                                                                          • Part of subcall function 000B0490: GetLastError.KERNEL32 ref: 000B04B8
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 000B0BB5
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000B0BC2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                                                                        • String ID: _$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                                                                        • API String ID: 1552088572-2905813862
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 000C3545
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close
                                                                                                                                                                                                                        • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                                                                        • API String ID: 3535843008-3762851336
                                                                                                                                                                                                                        • Opcode ID: 46c9dfd63c15fad512d080a3dfde93962d7d507bd6daed2cd8e0d43b66c57704
                                                                                                                                                                                                                        • Instruction ID: 948691dc5c143370ca018400b4f2b972d04805d25cef99b9f6c0a2855700e680
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46c9dfd63c15fad512d080a3dfde93962d7d507bd6daed2cd8e0d43b66c57704
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F71C171E54204ABDF289F54C886FAEB7B5AF05B00F54851CF9157B2C2EB71AA40CBA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0016742C,00000FA0,?,?,000E87C5), ref: 000E87F3
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,000E87C5), ref: 000E87FE
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,000E87C5), ref: 000E880F
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 000E8821
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 000E882F
                                                                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,000E87C5), ref: 000E8852
                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(0016742C,00000007,?,?,000E87C5), ref: 000E8875
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,000E87C5), ref: 000E8885
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 000E87F9
                                                                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 000E881B
                                                                                                                                                                                                                        • kernel32.dll, xrefs: 000E880A
                                                                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 000E8827
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                        • Opcode ID: ccd5b611778fa1a63f1b2e3f975a52ebe937f650a304d5f0c1295b8cb5190d4a
                                                                                                                                                                                                                        • Instruction ID: cd69a3cb988774ce36188b9c744421f01031f6fc787c29144a46e183c4ce76f2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccd5b611778fa1a63f1b2e3f975a52ebe937f650a304d5f0c1295b8cb5190d4a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57015A31B45712AFDB301B76AD0DF6A3ED8EB84B55B444420FD19E39A0DFB0C8A28765
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                        • Opcode ID: 1b89a1606f16310f164e2839242e024a5097c33f931d557c798cf0e57ccbf059
                                                                                                                                                                                                                        • Instruction ID: f2b948e75d0d3efaffca762ac1373593fc8167a7c431e8dd17ad37baae19e5c4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b89a1606f16310f164e2839242e024a5097c33f931d557c798cf0e57ccbf059
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35C12476E44604AFDB20DBA8DC82FEE77F8AB19704F154165FA85FB2C2D7B099408790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,0014A536,00000003), ref: 000A91C9
                                                                                                                                                                                                                        • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 000A91DE
                                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 000A91EE
                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 000A91FD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 000A927F, 000A9336
                                                                                                                                                                                                                        • %d.%d.%d.%d, xrefs: 000A925E
                                                                                                                                                                                                                        • kernel32.dll, xrefs: 000A91B8
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 000A9284, 000A933B
                                                                                                                                                                                                                        • Failed to retrieve kernel verison, xrefs: 000A932C
                                                                                                                                                                                                                        • Failed to format version, xrefs: 000A9275
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                                                                        • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 3968257194-3470154288
                                                                                                                                                                                                                        • Opcode ID: 6d85dd23179b30bef9c6ae8e3edf8410e23d49cedada090b29347efa36847db0
                                                                                                                                                                                                                        • Instruction ID: c0636d48b458c085d230a36b733820e284b4d7c0763c6c353ffe3a4b374a6fe2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d85dd23179b30bef9c6ae8e3edf8410e23d49cedada090b29347efa36847db0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37511771B00314ABDF249F65CC45BABB7F4EF05704F00459DE80AAB6C2EB75AA42CB94
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 000EC435
                                                                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 000EC457
                                                                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 000EC566
                                                                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 000EC638
                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 000EC6BC
                                                                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 000EC6D7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                        • API String ID: 2123188842-393685449
                                                                                                                                                                                                                        • Opcode ID: edd9f07de44501c43fa9cd529e042e975c817c828e6650bf211c81b2a1d68938
                                                                                                                                                                                                                        • Instruction ID: db07baab69577b1cd8c4ab5e663cb3a08b84bb2feeb9d25cb12fbb79503c67b2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: edd9f07de44501c43fa9cd529e042e975c817c828e6650bf211c81b2a1d68938
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2B16C72800289EFDF19DFA6C981DAFBBB5BF04310B14415AE8157B252D732EA52CF91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(384F580C,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 000869E9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(384F580C,?,?,00000000), ref: 000869FB
                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00086A2A
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00086A3D
                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 00086A8B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 00086A9E
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00086AB8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
                                                                                                                                                                                                                        • String ID: NotComDllUnload$mfeaaca.dll
                                                                                                                                                                                                                        • API String ID: 2321898493-1077453148
                                                                                                                                                                                                                        • Opcode ID: 36877207ef7bd72a97918bde220be719782eadfe704b458a60044300f2c2ed06
                                                                                                                                                                                                                        • Instruction ID: 7c1a801a32a3ac56ac0f2f66668c57edd587cc881d251d25df4ca6cced9dac51
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36877207ef7bd72a97918bde220be719782eadfe704b458a60044300f2c2ed06
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29318D71300300ABDB24AF24DC89B2A77E8BF44B11F194618F955AB2D1DB71EC56CBA6
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 000C4388
                                                                                                                                                                                                                        • NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 000C4325
                                                                                                                                                                                                                        • NWebAdvisor::CHttpTransaction::Connect, xrefs: 000C43D8
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 000C432A, 000C438D, 000C43DD
                                                                                                                                                                                                                        • # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 000C431E
                                                                                                                                                                                                                        • Unable to set proxy option, error: %d, xrefs: 000C43CE
                                                                                                                                                                                                                        • # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 000C4381
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                                                                        • String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
                                                                                                                                                                                                                        • API String ID: 1452528299-2881327693
                                                                                                                                                                                                                        • Opcode ID: 7fc20567a951f0da8548fc7911c7f1084333bc80d9d75fe7ff6bebebb8650e6a
                                                                                                                                                                                                                        • Instruction ID: 45c7d1449ac1369baa5b9f5b91c48ce630d4f251e4e1627b876cd51060866a2c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fc20567a951f0da8548fc7911c7f1084333bc80d9d75fe7ff6bebebb8650e6a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76413D71E40309AFEB10DFA4CC85FAEB7F8FF58704F14811AE914A6280EBB59954CB65
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                                                                                                        • String ID: :$f$f$f$p$p$p
                                                                                                                                                                                                                        • API String ID: 1302938615-1434680307
                                                                                                                                                                                                                        • Opcode ID: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                                                                        • Instruction ID: b48df2ea6689611c7fa862316f3df985a946ded8bf8e32de7cc4761da46cec5a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24028D75A002DDDEDF348FA6D48C6EDB7B6FB04B14FA4411AE414BB280D3709E888B15
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E6947
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::_Lockit.LIBCPMT ref: 0009C995
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::_Lockit.LIBCPMT ref: 0009C9B7
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0009C9D7
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0009CAB1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                        • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                        • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E1617
                                                                                                                                                                                                                          • Part of subcall function 000D7DF0: __EH_prolog3.LIBCMT ref: 000D7DF7
                                                                                                                                                                                                                          • Part of subcall function 000D7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 000D7E01
                                                                                                                                                                                                                          • Part of subcall function 000D7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 000D7E72
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                        • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                        • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,384F580C,00000000), ref: 000C0E20
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000C0E2E
                                                                                                                                                                                                                          • Part of subcall function 000C0FA0: GetModuleHandleW.KERNEL32(kernel32.dll,384F580C,000000FF,00000000,00000000,0011DF30,000000FF), ref: 000C0FE8
                                                                                                                                                                                                                          • Part of subcall function 000C0FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 000C0FF8
                                                                                                                                                                                                                          • Part of subcall function 000C0FA0: GetLastError.KERNEL32 ref: 000C1058
                                                                                                                                                                                                                          • Part of subcall function 000A8650: std::locale::_Init.LIBCPMT ref: 000A882F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • CreateFile failed: %d, xrefs: 000C0E35
                                                                                                                                                                                                                        • NWebAdvisor::CCabParser::LoadCabFile, xrefs: 000C0F0C
                                                                                                                                                                                                                        • Unable to create destination directory (%d), xrefs: 000C0D94
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 000C0DA0, 000C0E41, 000C0F11
                                                                                                                                                                                                                        • Failed to load cab %s, xrefs: 000C0F05
                                                                                                                                                                                                                        • NWebAdvisor::CCabParser::GetContentFile, xrefs: 000C0D9B, 000C0E3C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                                                                        • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create destination directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                        • API String ID: 1808632809-3418505487
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 000BC641
                                                                                                                                                                                                                          • Part of subcall function 000D3084: __EH_prolog3.LIBCMT ref: 000D308B
                                                                                                                                                                                                                          • Part of subcall function 000D3084: std::_Lockit::_Lockit.LIBCPMT ref: 000D3096
                                                                                                                                                                                                                          • Part of subcall function 000D3084: std::locale::_Setgloballocale.LIBCPMT ref: 000D30B1
                                                                                                                                                                                                                          • Part of subcall function 000D3084: std::_Lockit::~_Lockit.LIBCPMT ref: 000D3107
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000BC6CB
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000BC713
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 000BC748
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000BC7DD
                                                                                                                                                                                                                          • Part of subcall function 000EE960: _free.LIBCMT ref: 000EE973
                                                                                                                                                                                                                        • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 000BC807
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000BC82B
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000BC84C
                                                                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000BC85B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$std::locale::_$Lockit::_Lockit::~_$Locimp::_Locinfo::_$AddfacH_prolog3InitLocimpLocimp_Locinfo_ctorLocinfo_dtorNew_Setgloballocale_free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3142054045-0
                                                                                                                                                                                                                        • Opcode ID: ab7b0a77968fab284da251f5b1fb6389c27d0aaaabf7ce74d34414cd360ce9d4
                                                                                                                                                                                                                        • Instruction ID: ba8c725cf5ccb4b9862d32fee6e01548072e73ee64f70de01dd0c63221079f17
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab7b0a77968fab284da251f5b1fb6389c27d0aaaabf7ce74d34414cd360ce9d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1FA1ACB0D00349DFEB10DFA9D945B9EBBF4BF04304F14452AE805A7792EBB5AA44CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                        • Opcode ID: 5be3d05332c51b2bfd362c2d55313de5612c7562209e1d38c6c340d0c2718a68
                                                                                                                                                                                                                        • Instruction ID: 82242d942afb72d490b358b20cb1c897abbc5a35f26f4588c9ba8059acd9ee20
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5be3d05332c51b2bfd362c2d55313de5612c7562209e1d38c6c340d0c2718a68
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B61D075908704AFDB20DF74C881BAAB7F8AF59310F214569F996AB2C1EBB19D40CB50
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: z
                                                                                                                                                                                                                        • API String ID: 0-1657960367
                                                                                                                                                                                                                        • Opcode ID: 048dc2da3d03dade00b3fc8ddffbefe7d115cf308f9197b3726cf4b7d9305cb1
                                                                                                                                                                                                                        • Instruction ID: bea557c70df161fb6c5bdf298682fdfae7d1d94150f90aa79515516a6c2e93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 048dc2da3d03dade00b3fc8ddffbefe7d115cf308f9197b3726cf4b7d9305cb1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80518071A00249ABEF20DB94DC84FEEB7F8FB44324F104179E905A7281E7759E45DBA0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00087D3D
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00087DC8
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00087DFC
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00087EBB
                                                                                                                                                                                                                          • Part of subcall function 00094B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0009521E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                        • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                                                                        • API String ID: 342047005-375236208
                                                                                                                                                                                                                        • Opcode ID: 3b751347d7d1c859759f976a23401c0abe18288f75fb6de3604fe9fd7744c868
                                                                                                                                                                                                                        • Instruction ID: 6b8609ad9af2ef3e467229bf06504650cd087edc9b378d22a376a4a29293b60c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b751347d7d1c859759f976a23401c0abe18288f75fb6de3604fe9fd7744c868
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0351E371904248DFDF14EF64DD55BEE77B4FF08300F5081A9E84A97282EB79AA08CB61
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3409252457-0
                                                                                                                                                                                                                        • Opcode ID: 3943ddbdbf0ae8808344edf3a499aad148d0b14bdcefcc6617cb903a221ec76c
                                                                                                                                                                                                                        • Instruction ID: adcdbe87380d1826dd48dffa8d24ce8a10956f394d4beded8e835722a71f69c4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3943ddbdbf0ae8808344edf3a499aad148d0b14bdcefcc6617cb903a221ec76c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92513A71A04305AFDB25AF758C41AAD7BB4EF01318F41816AF5D19B2C2EBF28941CB52
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000E987E: EnterCriticalSection.KERNEL32(001677A0,?,00000101,?,000986A7,00000000,?,00000101,?,00000000,?,?,0009C338,-00000010), ref: 000E9889
                                                                                                                                                                                                                          • Part of subcall function 000E987E: LeaveCriticalSection.KERNEL32(001677A0,?,000986A7,00000000,?,00000101,?,00000000,?,?,0009C338,-00000010,?,?,?,384F580C), ref: 000E98B5
                                                                                                                                                                                                                        • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 000986D6
                                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 000986E4
                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 000986EF
                                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 000986FD
                                                                                                                                                                                                                        • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00098764
                                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00098776
                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00098785
                                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00098797
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00104E01), ref: 00101CAE
                                                                                                                                                                                                                          • Part of subcall function 00101CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00101D4C
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100B8A
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100BA3
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100BE1
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100BEA
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100BF6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$ErrorLast
                                                                                                                                                                                                                        • String ID: C
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • InitOnceBeginInitialize.KERNEL32(0016823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,384F580C,?,?), ref: 0009125A
                                                                                                                                                                                                                        • InitOnceComplete.KERNEL32(0016823C,00000000,00000000), ref: 00091278
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 000912F8
                                                                                                                                                                                                                        • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 000913E3
                                                                                                                                                                                                                        • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 000912F3, 000913DE
                                                                                                                                                                                                                        • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 000912EC, 000913D7
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,384F580C,?,?), ref: 0008A531
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008A73D
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008A7AC
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008A989
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unexpected return value: , xrefs: 0008A8CC
                                                                                                                                                                                                                        • Event string is empty, xrefs: 0008A77C
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                        • String ID: Event string is empty$Unexpected return value:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0009C995
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0009C9B7
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0009C9D7
                                                                                                                                                                                                                        • __Getctype.LIBCPMT ref: 0009CA70
                                                                                                                                                                                                                        • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0009CA82
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0009CA8F
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0009CAB1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3947131827-0
                                                                                                                                                                                                                        • Opcode ID: 6af4e0e5594a2ada58bc04c3ba17699b3b5e1b1e965d4dcbf65fe3004be4461d
                                                                                                                                                                                                                        • Instruction ID: d5a9867fc6ab1115fdbcf6d62f6c22065384df0365d124bc0fdaaa750677e48f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6af4e0e5594a2ada58bc04c3ba17699b3b5e1b1e965d4dcbf65fe3004be4461d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6441CB71D002489FDF10DF58D851AAEB7F4FF44314F14816AE81AAB392DB70AE45DB92
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,384F580C,?,?), ref: 0008A531
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008A58B
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008A989
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008A99D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Thread signalled when event queue is empty, xrefs: 0008A614
                                                                                                                                                                                                                        • Unexpected return value: , xrefs: 0008A8CC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                                                                        • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                                                                        • API String ID: 3324347728-3645029203
                                                                                                                                                                                                                        • Opcode ID: ccd3eb0649a1e2db8a4029f25cdf4722b67beeffc193eb5d6a0f4239687cecf8
                                                                                                                                                                                                                        • Instruction ID: 428ee29827e4fe8e4aa601ab42644a1d758a849569895cab5aeb52e0f7db15c1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccd3eb0649a1e2db8a4029f25cdf4722b67beeffc193eb5d6a0f4239687cecf8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC41D3B0E00258DAEF14EBA4CD49BDDB775BF11310F10819AE459672C2EB745B85CB52
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                        • API String ID: 0-537541572
                                                                                                                                                                                                                        • Opcode ID: 43264647ae19bdd8116c176b0db62e68ecb3bdffa87d4cf66b0c0b23b9caecfa
                                                                                                                                                                                                                        • Instruction ID: 8247926286947c7ff59ef5de0097940c6553985e5a2823be5cc1411286d82792
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43264647ae19bdd8116c176b0db62e68ecb3bdffa87d4cf66b0c0b23b9caecfa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A21E4F1B01221BBCB319B64ACC0A5A37A89B25764F210110FE96A72E1D7F0EC42C6E0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(?,000A860A,00000000), ref: 001057B5
                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00105994
                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 001059B1
                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,000A860A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001059F9
                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00105A39
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00105AE5
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4031098158-0
                                                                                                                                                                                                                        • Opcode ID: 11bbda551445678d74042f06dec6ffc9dec2dd42d61c350586cf76caa13d71da
                                                                                                                                                                                                                        • Instruction ID: c62c9698837c3313cb612de92e5c5c22bcd6e83e52e0513a984f60af29865c74
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11bbda551445678d74042f06dec6ffc9dec2dd42d61c350586cf76caa13d71da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CD17D75E00658DFCB15CFA8C8809EEBBB6BF48314F28416AE895FB281D7719946CF50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(?,?), ref: 000E8128
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 000E81B6
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000E8228
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 000E8242
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000E82A5
                                                                                                                                                                                                                        • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 000E82C2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2984826149-0
                                                                                                                                                                                                                        • Opcode ID: 99451f9060e418e9065d75085e15522bd8f753b399d9a233f1109b58f183ce86
                                                                                                                                                                                                                        • Instruction ID: c10c51db43927773de17120beb81bf23eb3bc332dc90273d8b90bf0bd5e384f1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99451f9060e418e9065d75085e15522bd8f753b399d9a233f1109b58f183ce86
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C71C27190068AAFDF218FA6CC45AEF7BFAAF49310F248159EA09B7251DF318841D764
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 000D6901
                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 000D696C
                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000D6989
                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 000D69C8
                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000D6A27
                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 000D6A4A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2829165498-0
                                                                                                                                                                                                                        • Opcode ID: 557b91c3fda432431b6a2fcdb25ca6bbed4779511f654d3a3a93a19d7186d305
                                                                                                                                                                                                                        • Instruction ID: 09cdc5d4ae556d2c431ea3b1f059e80b8ec38be7e6659c5e4a2750570a745821
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 557b91c3fda432431b6a2fcdb25ca6bbed4779511f654d3a3a93a19d7186d305
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8951B07250031AAFDF209FA8CC41FAB7BE9EF40750F14852AF915AA250EB32DD51DB61
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 0007E7D7
                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 0007E811
                                                                                                                                                                                                                        • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 0007E86D
                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0007E8C7
                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0007E8DC
                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 0007E917
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2792426717-0
                                                                                                                                                                                                                        • Opcode ID: 329a8e8f4581645be953e47c23e0330166455b6727ebce654db2a19da2515e7f
                                                                                                                                                                                                                        • Instruction ID: 5705cfbef8fe6acaef0ba71bcf168900a3cea20e905a503b2ab75ec9ff356313
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 329a8e8f4581645be953e47c23e0330166455b6727ebce654db2a19da2515e7f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83419271E01248ABEF50CFA4DC49BDEB7F8FF08704F204169F908A2290DB789A44CB65
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00078D46
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00078D66
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00078D86
                                                                                                                                                                                                                        • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00078E57
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00078E64
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00078E86
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2966223926-0
                                                                                                                                                                                                                        • Opcode ID: 6f334e32eda2ff7258bf49ecdbdb10dd9cbbe97d9852e413d9a11e74398de5c0
                                                                                                                                                                                                                        • Instruction ID: fc544e22ddb02f9571b525ea1fe7f4a4bdeddd39ac91dac099bb2d1d4046c621
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f334e32eda2ff7258bf49ecdbdb10dd9cbbe97d9852e413d9a11e74398de5c0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF41BC71D002059FCB21DF55C885BAEBBB0FF50310F24815AE40AAB292DF74AE45CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00083435
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00083457
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00083477
                                                                                                                                                                                                                        • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0008353A
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00083547
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00083569
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2966223926-0
                                                                                                                                                                                                                        • Opcode ID: 7ae923d79ecb54c9b57dd18ec0014185fcbd57c9edbd295d31970be40ab05b37
                                                                                                                                                                                                                        • Instruction ID: 91cad1c7beba2b518ef456f190639578a31a3caf824f0bf7677d9738c1831ec2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ae923d79ecb54c9b57dd18ec0014185fcbd57c9edbd295d31970be40ab05b37
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB41EC719002059FCB11EF58C951AAEB7B0FF94710F10829AE84AAB352EB74FB45CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 000732E5
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000732F2
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00073340
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00073360
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0007336D
                                                                                                                                                                                                                        • __Towlower.LIBCPMT ref: 00073388
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2111902878-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D820A
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D8214
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • moneypunct.LIBCPMT ref: 000D824E
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D8265
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D8285
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D8292
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3376033448-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D829F
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D82A9
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • moneypunct.LIBCPMT ref: 000D82E3
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D82FA
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D831A
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D8327
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3376033448-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D8334
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D833E
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • moneypunct.LIBCPMT ref: 000D8378
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D838F
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D83AF
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D83BC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3376033448-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D4362
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D436C
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • codecvt.LIBCPMT ref: 000D43A6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D43BD
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D43DD
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D43EA
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2133458128-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D83C9
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D83D3
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • moneypunct.LIBCPMT ref: 000D840D
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D8424
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D8444
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D8451
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3376033448-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E447C
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E4486
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • collate.LIBCPMT ref: 000E44C0
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E44D7
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E44F7
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E4504
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1767075461-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E4511
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E451B
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • messages.LIBCPMT ref: 000E4555
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E456C
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E458C
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E4599
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 958335874-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D861D
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D8627
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • numpunct.LIBCPMT ref: 000D8661
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D8678
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D8698
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D86A5
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3064348918-0
                                                                                                                                                                                                                        • Opcode ID: 18015601133856c8348ea7677ee8e154e353a01e7e5e5cfbe07bb4edf3d0ebd2
                                                                                                                                                                                                                        • Instruction ID: abc193375a133c4f8e8c30a85dc949742fa2e0f5db90ed4390c7824d45f78615
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18015601133856c8348ea7677ee8e154e353a01e7e5e5cfbe07bb4edf3d0ebd2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5601D6359003199BCB04EBA4CD056ED77B5BF80724F24400AF4186B3C2EF74DE418BA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E46D0
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E46DA
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • moneypunct.LIBCPMT ref: 000E4714
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E472B
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E474B
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E4758
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3376033448-0
                                                                                                                                                                                                                        • Opcode ID: 990f5a4e9ec9c9315704bebab7f2df11b5afde6f5e8f78c7c558bdc9b16c4ecd
                                                                                                                                                                                                                        • Instruction ID: 5a4b69f48853f44d4740e106546881d9139c5d017b0c01e5137f9f91132b53a9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 990f5a4e9ec9c9315704bebab7f2df11b5afde6f5e8f78c7c558bdc9b16c4ecd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F01C035D042599FCB04EBA4C905AFE77B5BF40314F254009E8247B3D2CF749E018B91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E4765
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E476F
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • moneypunct.LIBCPMT ref: 000E47A9
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E47C0
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E47E0
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E47ED
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3376033448-0
                                                                                                                                                                                                                        • Opcode ID: 36cb7aeb5384f7bb8f3d00898b9deef8a72691b492e4b16ec2ba4a9e0a35638e
                                                                                                                                                                                                                        • Instruction ID: 1e3ee469c273c4ac50220b6b6503560617ca282067d9e5aa76a5b46bd023e606
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36cb7aeb5384f7bb8f3d00898b9deef8a72691b492e4b16ec2ba4a9e0a35638e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA01C0359142599FCB04EB69C905AEE77A5BF80714F244109F8157B3D2CF749E01DB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0009C546
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0009C54B
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0009C550
                                                                                                                                                                                                                          • Part of subcall function 000EE960: _free.LIBCMT ref: 000EE973
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 149343396-2658103896
                                                                                                                                                                                                                        • Opcode ID: 2cad6ad2afa3fc9c5cd19c6f6c805db8a649d6e3430a4f159f9547a0b6cd0d29
                                                                                                                                                                                                                        • Instruction ID: 9540208b361683fa8434e8fcd3648010f5c0298fb76f404c8399b10f7c9d4b86
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2cad6ad2afa3fc9c5cd19c6f6c805db8a649d6e3430a4f159f9547a0b6cd0d29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 404154759007449FDB20DF64D841BAABBF4AF06300F04846DE856AB753D772EA45CBA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008D8F5
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008DF0C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: Event Sender already initialized for Azure$Failed to encode url$~
                                                                                                                                                                                                                        • API String ID: 1656330964-1958975516
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,000ED278,?,?,001677FC,00000000,?,000ED3A3,00000004,InitializeCriticalSectionEx,0014013C,00140144,00000000), ref: 000ED247
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0009E172
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0009E182
                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 0009E1C2
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                                                        • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                                        • API String ID: 588496660-2191092095
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 000C1210
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 000C121A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • WriteFile failed: %d, xrefs: 000C1221
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 000C122D
                                                                                                                                                                                                                        • NWebAdvisor::CCabParser::Write, xrefs: 000C1228
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                        • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                        • API String ID: 442123175-2264278858
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32), ref: 000A08A9
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 000A08C0
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?), ref: 000A08D7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                        • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 4190356694-3789238822
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,000FE935,?,?,000FE8FD,00000002,00000002,?), ref: 000FE955
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000FE968
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,000FE935,?,?,000FE8FD,00000002,00000002,?), ref: 000FE98B
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00102174: RtlAllocateHeap.NTDLL(00000000,?,?,?,000E872D,?,?,0007A1ED,0000002C,384F580C), ref: 001021A6
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100501
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100518
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100535
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100550
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00100567
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$AllocateHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3033488037-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D43F7
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D4401
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D4452
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D4472
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D447F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2020259771-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00077804
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00077811
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0007785F
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0007787F
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0007788C
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3498242614-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00077899
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000778A6
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000778F4
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00077914
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00077921
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3498242614-0
                                                                                                                                                                                                                        • Opcode ID: 1311a50e7674f885f51004a2ea81f25e99f0d3927e0c1b0d10b366ab2d940729
                                                                                                                                                                                                                        • Instruction ID: 09f757378659345bd8c1db0688ed2fe5a4cf9d79decf7283a595a87a3a30b28b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1311a50e7674f885f51004a2ea81f25e99f0d3927e0c1b0d10b366ab2d940729
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7001AD31D09209DBCB15EB64C9526BD77A4AF84750F244509F50867383CF389E4587A9
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D804B
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D8055
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D80A6
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D80C6
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D80D3
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: adf6aa1ca51fc94d1f7c6e88c68366ab3d12e16b1b0447d2e4a26fdbe625ad49
                                                                                                                                                                                                                        • Instruction ID: 961c31e8d0d94368085b6339dd7828aba8601dffb8ac18fd345862a5465dad26
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: adf6aa1ca51fc94d1f7c6e88c68366ab3d12e16b1b0447d2e4a26fdbe625ad49
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B01D2319043199BCB15EBA4DC41AFEBBB5BF40714F25810AE8146B3C2DF749E45CBA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D80E0
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D80EA
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D813B
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D815B
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D8168
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: 5b50995b3fdb1f8555f93ccbab9ccbc5325fd6285a8d3ee801221889c616251a
                                                                                                                                                                                                                        • Instruction ID: d1f1910d812b0fe9278e2c65ea28345a9bfacc1d4107cad3a90448580b34bcdf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b50995b3fdb1f8555f93ccbab9ccbc5325fd6285a8d3ee801221889c616251a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E01C035D003599FCB05EB64CD46AEE77B5BF80714F24440AE8146B3C2DF749E458BA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D8175
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D817F
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D81D0
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D81F0
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D81FD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: 189094aa126747f1487b92b7ff829f18c195eca1adeb2e1e40be461dcd122c4a
                                                                                                                                                                                                                        • Instruction ID: 5174cb848f6c06454dd24bd6f10be8eace5976ebe92941a899a0c3385cd36aeb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189094aa126747f1487b92b7ff829f18c195eca1adeb2e1e40be461dcd122c4a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0201D2359002199BCB15EB64CC01AFDB7B9BF44314F24810AF814AB3D2CF749E068BA5
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D845E
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D8468
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D84B9
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D84D9
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D84E6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D84F3
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D84FD
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D854E
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D856E
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D857B
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D8588
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D8592
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D85E3
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D8603
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D8610
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E45A6
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E45B0
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E4601
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E4621
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E462E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E463B
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E4645
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E4696
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E46B6
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E46C3
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D86B2
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D86BC
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D870D
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D872D
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D873A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: 59eae8adf8dd6663946f040bf53a4a8f0be2ba220f96b17e819636237d3a88a9
                                                                                                                                                                                                                        • Instruction ID: e338a41df2f0626156962ca470a9c853a332c1a226c7c30510a820efb8c3f8e5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59eae8adf8dd6663946f040bf53a4a8f0be2ba220f96b17e819636237d3a88a9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4201C035D042199BCB05EB64C912AFDB7A5BF50714F24800AE8146B3C2DF749E019BA5
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D8747
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D8751
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D87A2
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D87C2
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D87CF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: 9081c97f01aac2b36708d383a1bee1f3e1a5882d9b958779bbac6301f0c1da12
                                                                                                                                                                                                                        • Instruction ID: 9c3bc2a96ed4170efeaf56237e4dc9caebfff4b5807136699574defa08f5f761
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9081c97f01aac2b36708d383a1bee1f3e1a5882d9b958779bbac6301f0c1da12
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07010035904219ABCB04EB64CC01AED77B2FF40724F24400AE8046B3C2DF749E008BA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000D87DC
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000D87E6
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000D8837
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000D8857
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000D8864
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: af02bb36c16284cd7e46964dbdf817ee66cfa9079319e693c347f731a4c1694c
                                                                                                                                                                                                                        • Instruction ID: 904fb803f59c7ab249a4043cdda40c09b0236200e01c90f743546de7e3485d4a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af02bb36c16284cd7e46964dbdf817ee66cfa9079319e693c347f731a4c1694c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4301C0319043199FCB14EBA4C906AFD77A5BF40714F24840AE8146B3C2DF749E45DBA1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E47FA
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E4804
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E4855
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E4875
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E4882
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: b3763cf02e4d255e962dba6d6d6a26647cd73ebf2c7d46d3734ec750414022a9
                                                                                                                                                                                                                        • Instruction ID: 8e0195e2c671470c3f01bfed7b131a214e328132e69f11238cea7d0d368ddff6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3763cf02e4d255e962dba6d6d6a26647cd73ebf2c7d46d3734ec750414022a9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F01C0319042999FCB08EB65CD15AEE77B5BF80714F244009E814BB3D2DFB49E41CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 000E488F
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000E4899
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::_Lockit.LIBCPMT ref: 00072D30
                                                                                                                                                                                                                          • Part of subcall function 00072D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00072D4C
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 000E48EA
                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 000E490A
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000E4917
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 55977855-0
                                                                                                                                                                                                                        • Opcode ID: ce6d2d1c382c357ebf2ed114ba7eec4b20fa7c324a06759b87018b5b557c2989
                                                                                                                                                                                                                        • Instruction ID: 192342b1504f6433d984fc0b652cd927bea8fd558dbdbe002a31a8668f88eb41
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce6d2d1c382c357ebf2ed114ba7eec4b20fa7c324a06759b87018b5b557c2989
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F501CC3290425A9FCB04EBA5CD42AEEB7A5BF80324F244109E814BB3C2DF749E05CB91
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _free.LIBCMT ref: 0010B49F
                                                                                                                                                                                                                          • Part of subcall function 00102098: RtlFreeHeap.NTDLL(00000000,00000000,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?), ref: 001020AE
                                                                                                                                                                                                                          • Part of subcall function 00102098: GetLastError.KERNEL32(?,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?,?), ref: 001020C0
                                                                                                                                                                                                                        • _free.LIBCMT ref: 0010B4B1
                                                                                                                                                                                                                        • _free.LIBCMT ref: 0010B4C3
                                                                                                                                                                                                                        • _free.LIBCMT ref: 0010B4D5
                                                                                                                                                                                                                        • _free.LIBCMT ref: 0010B4E7
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                        • Opcode ID: 284ce819b913be03e84e286fa1613f9cd2440372c401fccb6e6d60c89fd448f2
                                                                                                                                                                                                                        • Instruction ID: 7c67cb07fa23245b64ce59dcca0f1f3d0b22667c2e2ed5b68cb17c5169e96c0c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 284ce819b913be03e84e286fa1613f9cd2440372c401fccb6e6d60c89fd448f2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7F01232608704ABC630EB64F5C6C1A77DDEF157107948819F08ADBAC5C7B0FDC18A50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0016742C,?,?,00084086,0016827C,001268E0,?), ref: 000E88BA
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0016742C,?,?,00084086,0016827C,001268E0,?), ref: 000E88ED
                                                                                                                                                                                                                        • RtlWakeAllConditionVariable.NTDLL ref: 000E8964
                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,00084086,0016827C,001268E0,?), ref: 000E896E
                                                                                                                                                                                                                        • ResetEvent.KERNEL32(?,00084086,0016827C,001268E0,?), ref: 000E897A
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3916383385-0
                                                                                                                                                                                                                        • Opcode ID: 27a9dd21ee2bbc46c75052b1da5f8f003c9d751ebc9486e4db8801998a9aa143
                                                                                                                                                                                                                        • Instruction ID: 8803075f2af5ce86c2474f8a680aa38cbc177a27a0a0562b4cef3c165e7aebe2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27a9dd21ee2bbc46c75052b1da5f8f003c9d751ebc9486e4db8801998a9aa143
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81016971A05120EFC710AF28FC488987BA8EB0D712704806AF802A7B71CF705CA2CF90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • CloseHandle failed: %d, xrefs: 000C0737
                                                                                                                                                                                                                        • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 000C0743
                                                                                                                                                                                                                        • NWebAdvisor::CCabParser::Close, xrefs: 000C073E
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                        • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                        • API String ID: 918212764-1823807987
                                                                                                                                                                                                                        • Opcode ID: b38537d0341552b71d2b88339f28c8db256c2825a7e9d1a1b498aa79fb4a3686
                                                                                                                                                                                                                        • Instruction ID: 2a864f7a6b5fdd8f6c19ee88d23b44bf1ef2d5958ddfaffd3c6ea8c30b4494f4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b38537d0341552b71d2b88339f28c8db256c2825a7e9d1a1b498aa79fb4a3686
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6D05B317403107EFB701BA9AC0BF5635D89B05724F000A6CB651915E1D7E1A8618755
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __freea
                                                                                                                                                                                                                        • String ID: a/p$am/pm
                                                                                                                                                                                                                        • API String ID: 240046367-3206640213
                                                                                                                                                                                                                        • Opcode ID: 4ad5e6de89840d50787d8f0c6cbb8230a967dbd323844b6f42e65b8639cc7abc
                                                                                                                                                                                                                        • Instruction ID: 03e0c73906c0e493c155fa0bf9caf46f441c9b74c8fe3470782e9c8222fb77b1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ad5e6de89840d50787d8f0c6cbb8230a967dbd323844b6f42e65b8639cc7abc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35C1C07590020ADACF64CF68C885ABEB7F1FF45B20F284049E601ABB51D775AF41EB51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 000D52F3
                                                                                                                                                                                                                          • Part of subcall function 0009BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0009BE2F
                                                                                                                                                                                                                          • Part of subcall function 0009BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0009BE51
                                                                                                                                                                                                                          • Part of subcall function 0009BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0009BE71
                                                                                                                                                                                                                          • Part of subcall function 0009BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0009BFFC
                                                                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 000D54EF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                        • String ID: 0123456789ABCDEFabcdef-+Xx$l8]
                                                                                                                                                                                                                        • API String ID: 3042121994-2459615514
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008B886
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008B93D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Failed to convert byte to wide, xrefs: 0008B856
                                                                                                                                                                                                                        • Failed to convert wide to byte, xrefs: 0008B90D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                        • String ID: Failed to convert byte to wide$Failed to convert wide to byte
                                                                                                                                                                                                                        • API String ID: 1656330964-1708777540
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                        • API String ID: 0-4282027825
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0007B64C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                        • API String ID: 323602529-1866435925
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 001146E4
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00114728
                                                                                                                                                                                                                        • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 00114768
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                                                                        • String ID: MCRG
                                                                                                                                                                                                                        • API String ID: 3778923442-1523812224
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000D3D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,000804D5,?,?,384F580C), ref: 000D3DAE
                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 000805CC
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000805F6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                                                                        • String ID: generic$unknown error
                                                                                                                                                                                                                        • API String ID: 3868770561-3628847473
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\is-JAV1C.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                        • API String ID: 0-3614701973
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: H_prolog3_
                                                                                                                                                                                                                        • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                                                                        • API String ID: 2427045233-3897642808
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 000E2F57
                                                                                                                                                                                                                          • Part of subcall function 000D7DF0: __EH_prolog3.LIBCMT ref: 000D7DF7
                                                                                                                                                                                                                          • Part of subcall function 000D7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 000D7E01
                                                                                                                                                                                                                          • Part of subcall function 000D7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 000D7E72
                                                                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 000E2FF3
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                        • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                        • API String ID: 2544715827-3094241602
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 000E3207
                                                                                                                                                                                                                          • Part of subcall function 000732DE: __EH_prolog3_GS.LIBCMT ref: 000732E5
                                                                                                                                                                                                                          • Part of subcall function 000732DE: std::_Lockit::_Lockit.LIBCPMT ref: 000732F2
                                                                                                                                                                                                                          • Part of subcall function 000732DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00073360
                                                                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 000E32A3
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                                        • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                        • API String ID: 3328206922-2494171821
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 000E7477
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::_Lockit.LIBCPMT ref: 0009C995
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::_Lockit.LIBCPMT ref: 0009C9B7
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0009C9D7
                                                                                                                                                                                                                          • Part of subcall function 0009C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0009CAB1
                                                                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 000E7511
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                        • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                        • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                        • Opcode ID: 258f0d43773d43a28152001992fc7b604795257078cfffd9d389d87dcba1e5f8
                                                                                                                                                                                                                        • Instruction ID: 5037dc67251d42aac17128c0e1e1a365403118f2f1829cdd8daaa00d1e6e92de
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 258f0d43773d43a28152001992fc7b604795257078cfffd9d389d87dcba1e5f8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4416B71D00249DFCF15DFA5D880ADEBBB5FF04310F104059E915AB292DB749A12CB55
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SHGetKnownFolderPath.SHELL32(0013D7E8,00000000,00000000,?,384F580C), ref: 0009D75C
                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 0009D7D4
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FolderFreeKnownPathTask
                                                                                                                                                                                                                        • String ID: %s\%s
                                                                                                                                                                                                                        • API String ID: 969438705-4073750446
                                                                                                                                                                                                                        • Opcode ID: 48bb24b3249dff6326b184944740e5c74d68476f554a5add2f572860cea3bfe4
                                                                                                                                                                                                                        • Instruction ID: 55c861e46c134626e3be0f0fd62ee5dfb4efea62a3e2627e504753e3e9634e97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48bb24b3249dff6326b184944740e5c74d68476f554a5add2f572860cea3bfe4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C2171B1A44208ABDB14DFA5DC85BEEF7F8EB48714F50452AE805A3680EB74A904CB60
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00094B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0009521E
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00087D3D
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00087DC8
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                        • String ID: Failed to add event category ($V
                                                                                                                                                                                                                        • API String ID: 2287862619-1647955383
                                                                                                                                                                                                                        • Opcode ID: 34c7d000bec57004155c8868e0ae302df36b512eff18258b3a720811781fdd3f
                                                                                                                                                                                                                        • Instruction ID: 5f9d3ae6361d052ef443452ba7ac1c2f43e4c8a12e91ebe7371e26df342c8344
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34c7d000bec57004155c8868e0ae302df36b512eff18258b3a720811781fdd3f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2319F70904248DFDB04EF64D955BDD77B4BF55304F5080A9E84A1B283EB79EA08CBA2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,384F580C,?,?), ref: 0008A531
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 0008A7EC
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008A989
                                                                                                                                                                                                                          • Part of subcall function 0008F110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0008F268
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Unexpected return value: , xrefs: 0008A8CC
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                        • String ID: Unexpected return value:
                                                                                                                                                                                                                        • API String ID: 1703231451-3613193034
                                                                                                                                                                                                                        • Opcode ID: b196918d740f64b483e503f7e4b6c383c9574de8d3e5cb12bf9b516c2861a503
                                                                                                                                                                                                                        • Instruction ID: 1899875d2421ab9b54332085d9e67b66bde8f7b958b866c5b87a031716d0beb5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b196918d740f64b483e503f7e4b6c383c9574de8d3e5cb12bf9b516c2861a503
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA21F770E01208DBEF14EFA4CD49BEDB735BF46310F10825AE195676D2DB349A85CB52
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceBeginInitialize.KERNEL32(001680C4,00000000,384F580C,00000000,384F580C,0007A219,001680CC,?,?,?,?,?,?,0007A219,?,?), ref: 00079BE5
                                                                                                                                                                                                                          • Part of subcall function 00079BB0: InitOnceComplete.KERNEL32(001680C4,00000000,00000000), ref: 00079C1D
                                                                                                                                                                                                                          • Part of subcall function 00079940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00079A12
                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00087D3D
                                                                                                                                                                                                                        • __Mtx_unlock.LIBCPMT ref: 00087DC8
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
• Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                        • String ID: P$Service has not been initialized
                                                                                                                                                                                                                        • API String ID: 920826028-2917841385
                                                                                                                                                                                                                        • Opcode ID: e54368372f9d03b6c40546de4f1ccb8e03b39c04c4efbe8991ead450c6829ea0
                                                                                                                                                                                                                        • Instruction ID: 0f04762f89f986289caf92545a3a8cbf98d23f89e2c41dfebda24daa21e511b4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e54368372f9d03b6c40546de4f1ccb8e03b39c04c4efbe8991ead450c6829ea0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1018471D04248DEDF04EFA0D512BED7374AF54310F50806AE90A17282EB79A60CCB66
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00073095
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 000730A2
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000730DF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 4089677319-1405518554
                                                                                                                                                                                                                        • Opcode ID: 05e26fc2f86086f63d0baec9ff3a50bfcb9dcacb7c8de789d7c271086aa0191f
                                                                                                                                                                                                                        • Instruction ID: 6c54ba6b7da78399ea6e55df0ea82972f1a9f1f9bb72f69a4786f4eae7743a0f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 05e26fc2f86086f63d0baec9ff3a50bfcb9dcacb7c8de789d7c271086aa0191f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82016771405B80DEC7319F7A844158AFFE07F287007508A2FE08D93B42CB309604CB6A
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,00074E6C,384F580C), ref: 0009D6D5
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0009D6E5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                                                                        • API String ID: 1646373207-2102062458
                                                                                                                                                                                                                        • Opcode ID: bb81381693d43276169f7010e17ad9f237794aa64e52e487b57e2cf037586921
                                                                                                                                                                                                                        • Instruction ID: 8d21c5b67d61111a64261025ffff174c2fb4ffb0e7ce6e6d99a428b2d8479c8f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb81381693d43276169f7010e17ad9f237794aa64e52e487b57e2cf037586921
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4D0122038470536DE501BB61D09F0E26C4BB41BC2F084851B009D70D0CEE4D452DA25
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _strrchr
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3213747228-0
                                                                                                                                                                                                                        • Opcode ID: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                                                                        • Instruction ID: 9f83beb9387d51431cff8e475f2b76cba8e4bc43340641c9b41c3249fb904c49
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88B156329042859FDB15CF28C895BEEBBF5EF65340F24406AE885DB2C2D7B58D41CB60
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0007463F: GetProcessHeap.KERNEL32(?,?,?,0009C2E1,?,?,?,384F580C,?,00000000), ref: 00074676
                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,0011FB28,000000FF), ref: 00112BF4
                                                                                                                                                                                                                          • Part of subcall function 000975F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00112B5D,?,00000000), ref: 00097628
                                                                                                                                                                                                                          • Part of subcall function 000975F0: LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00112B5D,?,00000000,?,?,?,?,?,0011FB28), ref: 00097636
                                                                                                                                                                                                                          • Part of subcall function 000975F0: LockResource.KERNEL32(00000000,?,?,?,?,?,00112B5D,?,00000000,?,?,?,?,?,0011FB28,000000FF), ref: 00097641
                                                                                                                                                                                                                          • Part of subcall function 000975F0: SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00112B5D,?,00000000,?,?,?,?,?,0011FB28), ref: 0009764F
                                                                                                                                                                                                                        • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00112B74
                                                                                                                                                                                                                          • Part of subcall function 00097580: LoadResource.KERNEL32(00000101,00000101,00000000,80070057,8007000E,80004005,00098806,00000000,?,00000000,00000002,00000000), ref: 00097589
                                                                                                                                                                                                                          • Part of subcall function 00097580: LockResource.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 00097594
                                                                                                                                                                                                                          • Part of subcall function 00097580: SizeofResource.KERNEL32(00000101,00000101,?,00000000,00000002,00000000), ref: 000975A8
                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00112BAB
                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0011FB28,000000FF), ref: 00112C2E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2838002939-0
                                                                                                                                                                                                                        • Opcode ID: e5fdb9302e027e9d87b654698deb552f9528e7987550a1b762851ef4ccef3904
                                                                                                                                                                                                                        • Instruction ID: a983335a29fef4f2df67b3f35d2f993ab750c968837162369acb8dc71895a459
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5fdb9302e027e9d87b654698deb552f9528e7987550a1b762851ef4ccef3904
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A51C131200641AFEB288F18CC49FAEF7E8EF54710F20456DF6059B2D1EBB5A890CB95
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_60000_saBSI.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                                                                        • Opcode ID: f78b578b245dd83da9a635abe935577519781925bbf7173901ff1428d3eb7908
                                                                                                                                                                                                                        • Instruction ID: 9ffb444eaaac42fe48b1b21ab01b611f43f9a7528b5e6d48e24943e47c8a16d9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f78b578b245dd83da9a635abe935577519781925bbf7173901ff1428d3eb7908
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6451D172A012869FFB289F96C841FBA77A4FF0A714F14416DE91577292D732AC82C790
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 4c6e79f414fd4e747a1dc763c9f755ec18f1aceea23daddb2062bcfcdbb62041
                                                                                                                                                                                                                        • Instruction ID: 3a22dbb9542bb5a86a67ca5e9f5fcabd1144ca42e030b7037250ede788a3db22
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c6e79f414fd4e747a1dc763c9f755ec18f1aceea23daddb2062bcfcdbb62041
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B41F9B2A04744BFD7259F38CC46B9ABBB9EF84710F10452AF0A1DB3D1D3B19A418780
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _free.LIBCMT ref: 0011181E
                                                                                                                                                                                                                        • _free.LIBCMT ref: 00111847
                                                                                                                                                                                                                        • SetEndOfFile.KERNEL32(00000000,001100BA,00000000,001102C3,?,?,?,?,?,?,?,001100BA,001102C3,00000000), ref: 00111879
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,001100BA,001102C3,00000000,?,?,?,?,00000000), ref: 00111895
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1547350101-0
                                                                                                                                                                                                                        • Opcode ID: 4f83009fe3220d775102e520dd3ed9c9a16ea8d2a5b2157e4aa29cad58c07b2f
                                                                                                                                                                                                                        • Instruction ID: 336ca6ce1d8172f61c69f6fb5842567eff4febf0f7c69c44adf354289c524e7b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f83009fe3220d775102e520dd3ed9c9a16ea8d2a5b2157e4aa29cad58c07b2f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB41D572900605BFDB19AFB8CC46BDEB7A5EF54360F244131F664A72D2EB34C8818761
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0009EBCB
                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0009EC28
                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 0009EC4F
                                                                                                                                                                                                                          • Part of subcall function 0009EBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0009EC7E
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseEnumOpenSecurity
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 611561417-0
                                                                                                                                                                                                                        • Opcode ID: 4ea020a1d61044b3364190913000c18534e9a28b4cdf34146d21f13b9627c9b5
                                                                                                                                                                                                                        • Instruction ID: 9365a89297e348b9e86456ad6139376dc516ed94cd9efb18b39121a397d1e6cd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ea020a1d61044b3364190913000c18534e9a28b4cdf34146d21f13b9627c9b5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D931A2B2A0021CAFDF30DF64DD49FEAB3F8EB08700F0005A5F959A6192DA709E91DB50
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 99a5ff4ea48b95790f6eff978ec46fe55740d12c7f58ff3c0b29ded4c896c629
                                                                                                                                                                                                                        • Instruction ID: 4847ebe97ee165bce55908afdfddb00432502624e0258a8663e8c650b614d245
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99a5ff4ea48b95790f6eff978ec46fe55740d12c7f58ff3c0b29ded4c896c629
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0321FF7120428DAFEB20AF62CC8187B77ECFF443647104625F725D6AA2E730EC51A7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000E987E: EnterCriticalSection.KERNEL32(001677A0,?,00000101,?,000986A7,00000000,?,00000101,?,00000000,?,?,0009C338,-00000010), ref: 000E9889
                                                                                                                                                                                                                          • Part of subcall function 000E987E: LeaveCriticalSection.KERNEL32(001677A0,?,000986A7,00000000,?,00000101,?,00000000,?,?,0009C338,-00000010,?,?,?,384F580C), ref: 000E98B5
                                                                                                                                                                                                                        • FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00112B5D,?,00000000), ref: 00097628
                                                                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00112B5D,?,00000000,?,?,?,?,?,0011FB28), ref: 00097636
                                                                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,?,?,?,00112B5D,?,00000000,?,?,?,?,?,0011FB28,000000FF), ref: 00097641
                                                                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00112B5D,?,00000000,?,?,?,?,?,0011FB28), ref: 0009764F
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 529824247-0
                                                                                                                                                                                                                        • Opcode ID: 9f7a5b030b1af2ef61c8b7fc07ad7e9909bc3991dba90443434a23ca88acc78b
                                                                                                                                                                                                                        • Instruction ID: 56ebea7e2506f38160430ba9087cb3a818b21acd13dc26a0e466ab89ca75769d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f7a5b030b1af2ef61c8b7fc07ad7e9909bc3991dba90443434a23ca88acc78b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B31138336187125BDB385E5D9C44A3BB3D8EBC0399F110A2DF95AD3250EF61DC11A664
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • WriteConsoleW.KERNEL32(000A860A,384F580C,0015C218,00000000,000A860A,?,0010F9C7,000A860A,00000001,000A860A,000A860A,?,00105B42,00000000,?,000A860A), ref: 0011165E
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,0010F9C7,000A860A,00000001,000A860A,000A860A,?,00105B42,00000000,?,000A860A,00000000,000A860A,?,00106096,000A860A), ref: 0011166A
                                                                                                                                                                                                                          • Part of subcall function 00111630: CloseHandle.KERNEL32(FFFFFFFE,0011167A,?,0010F9C7,000A860A,00000001,000A860A,000A860A,?,00105B42,00000000,?,000A860A,00000000,000A860A), ref: 00111640
                                                                                                                                                                                                                        • ___initconout.LIBCMT ref: 0011167A
                                                                                                                                                                                                                          • Part of subcall function 001115F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0011161F,0010F9B4,000A860A,?,00105B42,00000000,?,000A860A,00000000), ref: 00111603
                                                                                                                                                                                                                        • WriteConsoleW.KERNEL32(000A860A,384F580C,0015C218,00000000,?,0010F9C7,000A860A,00000001,000A860A,000A860A,?,00105B42,00000000,?,000A860A,00000000), ref: 0011168F
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                                                                        • Opcode ID: dd795db688335abbf5e3f2997e55c110bf932a6a2d758765ae746429480d1075
                                                                                                                                                                                                                        • Instruction ID: 21dd651e897a3c10ad9a52a4ba0fd802c57ff75be1bab0e5629b476bdad586ae
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd795db688335abbf5e3f2997e55c110bf932a6a2d758765ae746429480d1075
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CF01C36001119BBCF221F91DC05ADA7F66FB493A0F044024FA0A85520D77288A1DF90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,000E891F,00000064), ref: 000E89A5
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0016742C,00081171,?,000E891F,00000064,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E89AF
                                                                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(00081171,00000000,?,000E891F,00000064,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E89C0
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0016742C,?,000E891F,00000064,?,?,?,0008402B,0016827C,384F580C,?,00081171,?), ref: 000E89C7
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3269011525-0
                                                                                                                                                                                                                        • Opcode ID: e6c2b23b908a23431194a04afb39fbb6215150c7761ebeb3a185ce9890b8ce8b
                                                                                                                                                                                                                        • Instruction ID: 8f571e870ed297f09dc6b2bead7cb1e07a1cce1b888336d7c8d48d09dfe198b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6c2b23b908a23431194a04afb39fbb6215150c7761ebeb3a185ce9890b8ce8b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02E09232A05124FFCB212B50EC0C99D7F69FB08B55B048060F519625A1CFB148B18BD6
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _free.LIBCMT ref: 000FF549
                                                                                                                                                                                                                          • Part of subcall function 00102098: RtlFreeHeap.NTDLL(00000000,00000000,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?), ref: 001020AE
                                                                                                                                                                                                                          • Part of subcall function 00102098: GetLastError.KERNEL32(?,?,0010B729,?,00000000,?,?,?,0010B9CC,?,00000007,?,?,0010BDD6,?,?), ref: 001020C0
                                                                                                                                                                                                                        • _free.LIBCMT ref: 000FF55C
                                                                                                                                                                                                                        • _free.LIBCMT ref: 000FF56D
                                                                                                                                                                                                                        • _free.LIBCMT ref: 000FF57E
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                        • Opcode ID: f394e321d8c77c9b499a197f1b6c31b6b379a5dcf5e07347a802f96c6429a135
                                                                                                                                                                                                                        • Instruction ID: c697c67aa2f301bed05ef14fa08f91cffe2c4859a3cb529c113390d98d647136
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f394e321d8c77c9b499a197f1b6c31b6b379a5dcf5e07347a802f96c6429a135
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89E04670895720DAD7222F38BC054093B21A7257083004906F40802BB5CFFA01EEDBC1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00112AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00112B74
                                                                                                                                                                                                                          • Part of subcall function 00112AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00112BAB
                                                                                                                                                                                                                          • Part of subcall function 00112AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0011FB28,000000FF), ref: 00112C2E
                                                                                                                                                                                                                        • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 0011453C
                                                                                                                                                                                                                        • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 00114598
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                                                                        • String ID: MCRG
                                                                                                                                                                                                                        • API String ID: 2178413835-1523812224
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00097362
                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00097367
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2920296861.0000000000061000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2919966436.0000000000060000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2921628143.000000000012E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922127013.000000000015F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922410861.0000000000164000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922759181.0000000000166000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2922996796.0000000000169000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                        • String ID: 'm
                                                                                                                                                                                                                        • API String ID: 118556049-1808540729
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 000EC707
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                        • String ID: !%x
                                                                                                                                                                                                                        • API String ID: 855520168-1893981228
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CLSIDFromString.OLE32(0000007B,?), ref: 0009E650
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FromString
                                                                                                                                                                                                                        • String ID: @${
                                                                                                                                                                                                                        • API String ID: 1694596556-3118734784
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 000744F8: InitializeCriticalSectionEx.KERNEL32(001677A0,00000000,00000000,0016778C,000E97FC,?,?,?,000711BA), ref: 000744FE
                                                                                                                                                                                                                          • Part of subcall function 000744F8: GetLastError.KERNEL32(?,?,?,000711BA), ref: 00074508
                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,000711BA), ref: 000E9800
                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,000711BA), ref: 000E980F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000E980A
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                        • API String ID: 3511171328-631824599